From: Sasha Levin Date: Fri, 11 Oct 2024 12:10:04 +0000 (-0400) Subject: Fixes for 5.15 X-Git-Tag: v5.10.227~82 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=427b42442c640d95727e6620681319a01da054ba;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.15 Signed-off-by: Sasha Levin
---
diff --git a/queue-5.15/drm-crtc-fix-uninitialized-variable-use-even-harder.patch b/queue-5.15/drm-crtc-fix-uninitialized-variable-use-even-harder.patch
new file mode 100644
index 00000000000..af9bc8e83f7
--- /dev/null
+++ b/queue-5.15/drm-crtc-fix-uninitialized-variable-use-even-harder.patch
@@ -0,0 +1,40 @@
+From a4f9f0dcdb108413a1f36692d6a8d79b17f767ad Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 12 Feb 2024 13:55:34 -0800
+Subject: drm/crtc: fix uninitialized variable use even harder
+
+From: Rob Clark
+
+[ Upstream commit b6802b61a9d0e99dcfa6fff7c50db7c48a9623d3 ]
+
+DRM_MODESET_LOCK_ALL_BEGIN() has a hidden trap-door (aka retry loop),
+which means we can't rely too much on variable initializers.
+
+Fixes: 6e455f5dcdd1 ("drm/crtc: fix uninitialized variable use")
+Signed-off-by: Rob Clark
+Reviewed-by: Daniel Vetter
+Reviewed-by: Abhinav Kumar
+Reviewed-by: Dmitry Baryshkov
+Tested-by: Dmitry Baryshkov # sc7180, sdm845
+Link: https://patchwork.freedesktop.org/patch/msgid/20240212215534.190682-1-robdclark@gmail.com
+Signed-off-by: Dmitry Baryshkov
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/drm_crtc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
+index c5e0c652766c8..e8cee1891fd60 100644
+--- a/drivers/gpu/drm/drm_crtc.c
++++ b/drivers/gpu/drm/drm_crtc.c
+@@ -832,6 +832,7 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
+ connector_set = NULL;
+ fb = NULL;
+ mode = NULL;
++ num_connectors = 0;
+
+ DRM_MODESET_LOCK_ALL_END(dev, ctx, ret);
+
+--
+2.43.0
+
diff --git a/queue-5.15/fs-ntfs3-refactor-enum_rstbl-to-suppress-static-chec.patch b/queue-5.15/fs-ntfs3-refactor-enum_rstbl-to-suppress-static-chec.patch
new file mode 100644
index 00000000000..5ae87dbbf86
--- /dev/null
+++ b/queue-5.15/fs-ntfs3-refactor-enum_rstbl-to-suppress-static-chec.patch
@@ -0,0 +1,58 @@
+From c2361eff8735c40ff9fdbf21bc60ba32803f12e9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 23 Jul 2024 16:51:18 +0300
+Subject: fs/ntfs3: Refactor enum_rstbl to suppress static checker
+
+From: Konstantin Komarov
+
+[ Upstream commit 56c16d5459d5c050a97a138a00a82b105a8e0a66 ]
+
+Comments and brief description of function enum_rstbl added.
+
+Fixes: b46acd6a6a62 ("fs/ntfs3: Add NTFS journal")
+Reported-by: Dan Carpenter
+Signed-off-by: Konstantin Komarov
+Signed-off-by: Sasha Levin
+---
+ fs/ntfs3/fslog.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c
+index ba4dc7385b446..6fddedca71f32 100644
+--- a/fs/ntfs3/fslog.c
++++ b/fs/ntfs3/fslog.c
+@@ -609,14 +609,29 @@ static inline void add_client(struct CLIENT_REC *ca, u16 index, __le16 *head)
+ *head = cpu_to_le16(index);
+ }
+
++/*
++ * Enumerate restart table.
++ *
++ * @t - table to enumerate.
++ * @c - current enumerated element.
++ *
++ * enumeration starts with @c == NULL
++ * returns next element or NULL
++ */
+ static inline void *enum_rstbl(struct RESTART_TABLE *t, void *c)
+ {
+ __le32 *e;
+ u32 bprt;
+- u16 rsize = t ? le16_to_cpu(t->size) : 0;
++ u16 rsize;
++
++ if (!t)
++ return NULL;
++
++ rsize = le16_to_cpu(t->size);
+
+ if (!c) {
+- if (!t || !t->total)
++ /* start enumeration. */
++ if (!t->total)
+ return NULL;
+ e = Add2Ptr(t, sizeof(struct RESTART_TABLE));
+ } else {
+--
+2.43.0
+
diff --git a/queue-5.15/input-synaptics-rmi4-fix-uaf-of-irq-domain-on-driver.patch b/queue-5.15/input-synaptics-rmi4-fix-uaf-of-irq-domain-on-driver.patch
new file mode 100644
index 00000000000..838ce9fa578
--- /dev/null
+++ b/queue-5.15/input-synaptics-rmi4-fix-uaf-of-irq-domain-on-driver.patch
@@ -0,0 +1,55 @@
+From 0f6a230af237970930344453172e87ab8aaf4295 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 9 Oct 2024 05:41:48 +0000
+Subject: Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
+
+From: Mathias Krause
+
+commit fbf8d71742557abaf558d8efb96742d442720cc2 upstream.
+
+Calling irq_domain_remove() will lead to freeing the IRQ domain
+prematurely. The domain is still referenced and will be attempted to get
+used via rmi_free_function_list() -> rmi_unregister_function() ->
+irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer.
+
+With PaX's MEMORY_SANITIZE this will lead to an access fault when
+attempting to dereference embedded pointers, as in Torsten's report that
+was faulting on the 'domain->ops->unmap' test.
+
+Fix this by releasing the IRQ domain only after all related IRQs have
+been deactivated.
+
+Fixes: 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain")
+Reported-by: Torsten Hilbrich
+Signed-off-by: Mathias Krause
+Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Tzung-Bi Shih
+Signed-off-by: Sasha Levin
+---
+ drivers/input/rmi4/rmi_driver.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c
+index aa32371f04af6..ef9ea295f9e03 100644
+--- a/drivers/input/rmi4/rmi_driver.c
++++ b/drivers/input/rmi4/rmi_driver.c
+@@ -978,12 +978,12 @@ static int rmi_driver_remove(struct device *dev)
+
+ rmi_disable_irq(rmi_dev, false);
+
+- irq_domain_remove(data->irqdomain);
+- data->irqdomain = NULL;
+-
+ rmi_f34_remove_sysfs(rmi_dev);
+ rmi_free_function_list(rmi_dev);
+
++ irq_domain_remove(data->irqdomain);
++ data->irqdomain = NULL;
++
+ return 0;
+ }
+
+--
+2.43.0
+
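Review bot: The teardown order that this reorder establishes in `rmi_driver_remove()` is not recorded in the code, so a later cleanup could move `irq_domain_remove()` back above `rmi_free_function_list()` and bring back the use-after-free the description explains. I would add a comment above the moved call, e.g. `/* Must follow rmi_free_function_list(): function teardown still reaches the domain via irq_dispose_mapping(). */`. The start of the function is outside the hunk, so whether any other teardown path frees the domain in the same order cannot be checked from here.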
diff --git a/queue-5.15/net-ethernet-cortina-drop-tso-support.patch b/queue-5.15/net-ethernet-cortina-drop-tso-support.patch
new file mode 100644
index 00000000000..facf3af8739
--- /dev/null
+++ b/queue-5.15/net-ethernet-cortina-drop-tso-support.patch
@@ -0,0 +1,88 @@
+From 4cd3a9246294bf5ea9a9ffc8293ddfcf88b46466 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 6 Jan 2024 01:12:22 +0100
+Subject: net: ethernet: cortina: Drop TSO support
+
+From: Linus Walleij
+
+[ Upstream commit ac631873c9e7a50d2a8de457cfc4b9f86666403e ]
+
+The recent change to allow large frames without hardware checksumming
+slotted in software checksumming in the driver if hardware could not
+do it.
+
+This will however upset TSO (TCP Segment Offloading). Typical
+error dumps includes this:
+
+skb len=2961 headroom=222 headlen=66 tailroom=0
+(...)
+WARNING: CPU: 0 PID: 956 at net/core/dev.c:3259 skb_warn_bad_offload+0x7c/0x108
+gemini-ethernet-port: caps=(0x0000010000154813, 0x00002007ffdd7889)
+
+And the packets do not go through.
+
+The TSO implementation is bogus: a TSO enabled driver must propagate
+the skb_shinfo(skb)->gso_size value to the TSO engine on the NIC.
+
+Drop the size check and TSO offloading features for now: this
+needs to be fixed up properly.
+
+After this ethernet works fine on Gemini devices with a direct connected
+PHY such as D-Link DNS-313.
+
+Also tested to still be working with a DSA switch using the Gemini
+ethernet as conduit interface.
+
+Link: https://lore.kernel.org/netdev/CANn89iJLfxng1sYL5Zk0mknXpyYQPCp83m3KgD2KJ2_hKCpEUg@mail.gmail.com/
+Suggested-by: Eric Dumazet
+Fixes: d4d0c5b4d279 ("net: ethernet: cortina: Handle large frames")
+Signed-off-by: Linus Walleij
+Reviewed-by: Eric Dumazet
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ drivers/net/ethernet/cortina/gemini.c | 15 ++-------------
+ 1 file changed, 2 insertions(+), 13 deletions(-)
+
+diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c
+index 0c8c92ff7704f..3a11dccec8c1b 100644
+--- a/drivers/net/ethernet/cortina/gemini.c
++++ b/drivers/net/ethernet/cortina/gemini.c
+@@ -79,8 +79,7 @@ MODULE_PARM_DESC(debug, "Debug level (0=none,...,16=all)");
+ #define GMAC0_IRQ4_8 (GMAC0_MIB_INT_BIT | GMAC0_RX_OVERRUN_INT_BIT)
+
+ #define GMAC_OFFLOAD_FEATURES (NETIF_F_SG | NETIF_F_IP_CSUM | \
+- NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM | \
+- NETIF_F_TSO | NETIF_F_TSO_ECN | NETIF_F_TSO6)
++ NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM)
+
+ /**
+ * struct gmac_queue_page - page buffer per-page info
+@@ -1148,23 +1147,13 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb,
+ struct gmac_txdesc *txd;
+ skb_frag_t *skb_frag;
+ dma_addr_t mapping;
+- unsigned short mtu;
+ void *buffer;
+ int ret;
+
+- mtu = ETH_HLEN;
+- mtu += netdev->mtu;
+- if (skb->protocol == htons(ETH_P_8021Q))
+- mtu += VLAN_HLEN;
+-
++ /* TODO: implement proper TSO using MTU in word3 */
+ word1 = skb->len;
+ word3 = SOF_BIT;
+
+- if (word1 > mtu) {
+- word1 |= TSS_MTU_ENABLE_BIT;
+- word3 |= mtu;
+- }
+-
+ if (skb->len >= ETH_FRAME_LEN) {
+ /* Hardware offloaded checksumming isn't working on frames
+ * bigger than 1514 bytes. A hypothesis about this is that the
+--
+2.43.0
+
diff --git a/queue-5.15/selftests-net-give-more-time-to-udpgro-bg-processes-.patch b/queue-5.15/selftests-net-give-more-time-to-udpgro-bg-processes-.patch
new file mode 100644
index 00000000000..752d401f9f2
--- /dev/null
+++ b/queue-5.15/selftests-net-give-more-time-to-udpgro-bg-processes-.patch
@@ -0,0 +1,66 @@
+From 64d505a1045b9d1aba5aec6db6fd1d7e702beef7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 1 Nov 2022 14:48:08 -0400
+Subject: selftests/net: give more time to udpgro bg processes to complete
+ startup
+
+From: Adrien Thierry
+
+[ Upstream commit cdb525ca92b196f8916102b62431aa0d9a644ff2 ]
+
+In some conditions, background processes in udpgro don't have enough
+time to set up the sockets. When foreground processes start, this
+results in the test failing with "./udpgso_bench_tx: sendmsg: Connection
+refused". For instance, this happens from time to time on a Qualcomm
+SA8540P SoC running CentOS Stream 9.
+
+To fix this, increase the time given to background processes to
+complete the startup before foreground processes start.
+
+Signed-off-by: Adrien Thierry
+Signed-off-by: David S. Miller
+Stable-dep-of: 9d851dd4dab6 ("selftests: net: Remove executable bits from library scripts")
+Signed-off-by: Sasha Levin
+---
+ tools/testing/selftests/net/udpgro.sh | 4 ++--
+ tools/testing/selftests/net/udpgro_bench.sh | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tools/testing/selftests/net/udpgro.sh b/tools/testing/selftests/net/udpgro.sh
+index ebbd0b2824327..6a443ca3cd3a4 100755
+--- a/tools/testing/selftests/net/udpgro.sh
++++ b/tools/testing/selftests/net/udpgro.sh
+@@ -50,7 +50,7 @@ run_one() {
+ echo "failed" &
+
+ # Hack: let bg programs complete the startup
+- sleep 0.1
++ sleep 0.2
+ ./udpgso_bench_tx ${tx_args}
+ ret=$?
+ wait $(jobs -p)
+@@ -117,7 +117,7 @@ run_one_2sock() {
+ echo "failed" &
+
+ # Hack: let bg programs complete the startup
+- sleep 0.1
++ sleep 0.2
+ ./udpgso_bench_tx ${tx_args} -p 12345
+ sleep 0.1
+ # first UDP GSO socket should be closed at this point
+diff --git a/tools/testing/selftests/net/udpgro_bench.sh b/tools/testing/selftests/net/udpgro_bench.sh
+index fad2d1a71cac3..8a1109a545dba 100755
+--- a/tools/testing/selftests/net/udpgro_bench.sh
++++ b/tools/testing/selftests/net/udpgro_bench.sh
+@@ -39,7 +39,7 @@ run_one() {
+ ip netns exec "${PEER_NS}" ./udpgso_bench_rx -t ${rx_args} -r &
+
+ # Hack: let bg programs complete the startup
+- sleep 0.1
++ sleep 0.2
+ ./udpgso_bench_tx ${tx_args}
+ }
+
+--
+2.43.0
+
diff --git a/queue-5.15/selftests-net-remove-executable-bits-from-library-sc.patch b/queue-5.15/selftests-net-remove-executable-bits-from-library-sc.patch
new file mode 100644
index 00000000000..9e1bf7b1f72
--- /dev/null
+++ b/queue-5.15/selftests-net-remove-executable-bits-from-library-sc.patch
@@ -0,0 +1,39 @@
+From 476a489abb7a581d9182f5cdd6381a1f30f11595 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 31 Jan 2024 09:08:46 -0500
+Subject: selftests: net: Remove executable bits from library scripts
+
+From: Benjamin Poirier
+
+[ Upstream commit 9d851dd4dab63e95c1911a2fa847796d1ec5d58d ]
+
+setup_loopback.sh and net_helper.sh are meant to be sourced from other
+scripts, not executed directly. Therefore, remove the executable bits from
+those files' permissions.
+
+This change is similar to commit 49078c1b80b6 ("selftests: forwarding:
+Remove executable bits from lib.sh")
+
+Fixes: 7d1575014a63 ("selftests/net: GRO coalesce test")
+Fixes: 3bdd9fd29cb0 ("selftests/net: synchronize udpgro tests' tx and rx connection")
+Suggested-by: Paolo Abeni
+Signed-off-by: Benjamin Poirier
+Link: https://lore.kernel.org/r/20240131140848.360618-4-bpoirier@nvidia.com
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Sasha Levin
+---
+ tools/testing/selftests/net/net_helper.sh | 0
+ tools/testing/selftests/net/setup_loopback.sh | 0
+ 2 files changed, 0 insertions(+), 0 deletions(-)
+ mode change 100755 => 100644 tools/testing/selftests/net/net_helper.sh
+ mode change 100755 => 100644 tools/testing/selftests/net/setup_loopback.sh
+
+diff --git a/tools/testing/selftests/net/net_helper.sh b/tools/testing/selftests/net/net_helper.sh
+old mode 100755
+new mode 100644
+diff --git a/tools/testing/selftests/net/setup_loopback.sh b/tools/testing/selftests/net/setup_loopback.sh
+old mode 100755
+new mode 100644
+--
+2.43.0
+
diff --git a/queue-5.15/selftests-net-synchronize-udpgro-tests-tx-and-rx-con.patch b/queue-5.15/selftests-net-synchronize-udpgro-tests-tx-and-rx-con.patch
new file mode 100644
index 00000000000..c30dde39c52
--- /dev/null
+++ b/queue-5.15/selftests-net-synchronize-udpgro-tests-tx-and-rx-con.patch
@@ -0,0 +1,128 @@
+From 219f48d2cf111e7b58fe1c6d9cd1688db59841b4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 14 Nov 2023 10:11:31 -0500
+Subject: selftests/net: synchronize udpgro tests' tx and rx connection
+
+From: Lucas Karpinski
+
+[ Upstream commit 3bdd9fd29cb0f136b307559a19c107210ad5c314 ]
+
+The sockets used by udpgso_bench_tx aren't always ready when
+udpgso_bench_tx transmits packets. This issue is more prevalent in -rt
+kernels, but can occur in both. Replace the hacky sleep calls with a
+function that checks whether the ports in the namespace are ready for
+use.
+
+Suggested-by: Paolo Abeni
+Signed-off-by: Lucas Karpinski
+Reviewed-by: Willem de Bruijn
+Signed-off-by: David S. Miller
+Stable-dep-of: 9d851dd4dab6 ("selftests: net: Remove executable bits from library scripts")
+Signed-off-by: Sasha Levin
+---
+ tools/testing/selftests/net/net_helper.sh | 22 +++++++++++++++++++++
+ tools/testing/selftests/net/udpgro.sh | 13 ++++++------
+ tools/testing/selftests/net/udpgro_bench.sh | 5 +++--
+ 3 files changed, 31 insertions(+), 9 deletions(-)
+ create mode 100755 tools/testing/selftests/net/net_helper.sh
+
+diff --git a/tools/testing/selftests/net/net_helper.sh b/tools/testing/selftests/net/net_helper.sh
+new file mode 100755
+index 0000000000000..4fe0befa13fbc
+--- /dev/null
++++ b/tools/testing/selftests/net/net_helper.sh
+@@ -0,0 +1,22 @@
++#!/bin/bash
++# SPDX-License-Identifier: GPL-2.0
++#
++# Helper functions
++
++wait_local_port_listen()
++{
++ local listener_ns="${1}"
++ local port="${2}"
++ local protocol="${3}"
++ local port_hex
++ local i
++
++ port_hex="$(printf "%04X" "${port}")"
++ for i in $(seq 10); do
++ if ip netns exec "${listener_ns}" cat /proc/net/"${protocol}"* | \
++ grep -q "${port_hex}"; then
++ break
++ fi
++ sleep 0.1
++ done
++}
+diff --git a/tools/testing/selftests/net/udpgro.sh b/tools/testing/selftests/net/udpgro.sh
+index 6a443ca3cd3a4..41d85eb745b7b 100755
+--- a/tools/testing/selftests/net/udpgro.sh
++++ b/tools/testing/selftests/net/udpgro.sh
+@@ -3,6 +3,8 @@
+ #
+ # Run a series of udpgro functional tests.
+
++source net_helper.sh
++
+ readonly PEER_NS="ns-peer-$(mktemp -u XXXXXX)"
+
+ # set global exit status, but never reset nonzero one.
+@@ -49,8 +51,7 @@ run_one() {
+ echo "ok" || \
+ echo "failed" &
+
+- # Hack: let bg programs complete the startup
+- sleep 0.2
++ wait_local_port_listen ${PEER_NS} 8000 udp
+ ./udpgso_bench_tx ${tx_args}
+ ret=$?
+ wait $(jobs -p)
+@@ -95,7 +96,7 @@ run_one_nat() {
+ echo "ok" || \
+ echo "failed"&
+
+- sleep 0.1
++ wait_local_port_listen "${PEER_NS}" 8000 udp
+ ./udpgso_bench_tx ${tx_args}
+ ret=$?
+ kill -INT $pid
+@@ -116,11 +117,9 @@ run_one_2sock() {
+ echo "ok" || \
+ echo "failed" &
+
+- # Hack: let bg programs complete the startup
+- sleep 0.2
++ wait_local_port_listen "${PEER_NS}" 12345 udp
+ ./udpgso_bench_tx ${tx_args} -p 12345
+- sleep 0.1
+- # first UDP GSO socket should be closed at this point
++ wait_local_port_listen "${PEER_NS}" 8000 udp
+ ./udpgso_bench_tx ${tx_args}
+ ret=$?
+ wait $(jobs -p)
+diff --git a/tools/testing/selftests/net/udpgro_bench.sh b/tools/testing/selftests/net/udpgro_bench.sh
+index 8a1109a545dba..12e7b48355b27 100755
+--- a/tools/testing/selftests/net/udpgro_bench.sh
++++ b/tools/testing/selftests/net/udpgro_bench.sh
+@@ -3,6 +3,8 @@
+ #
+ # Run a series of udpgro benchmarks
+
++source net_helper.sh
++
+ readonly PEER_NS="ns-peer-$(mktemp -u XXXXXX)"
+
+ cleanup() {
+@@ -38,8 +40,7 @@ run_one() {
+ ip netns exec "${PEER_NS}" ./udpgso_bench_rx ${rx_args} -r &
+ ip netns exec "${PEER_NS}" ./udpgso_bench_rx -t ${rx_args} -r &
+
+- # Hack: let bg programs complete the startup
+- sleep 0.2
++ wait_local_port_listen "${PEER_NS}" 8000 udp
+ ./udpgso_bench_tx ${tx_args}
+ }
+
+--
+2.43.0
+
diff --git a/queue-5.15/series b/queue-5.15/series
index 68a997e3f58..82e5579dac5 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
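Review bot: `wait_local_port_listen()` in the new net_helper.sh can report readiness too early and cannot report a timeout. `grep -q "${port_hex}"` matches the four hex digits anywhere in the /proc/net output (remote port, address bytes, inode and so on), and when the ten tries run out the function still returns success, so the callers in udpgro.sh and udpgro_bench.sh start the sender regardless. Matching only the local-address column, e.g. `awk -v p=":${port_hex}$" '$2 ~ p {f=1} END {exit !f}'` in place of the `grep`, with `return 0` instead of `break` and `return 1` after `done`, would make the wait mean what its name says. The call added in `run_one()` of udpgro.sh also passes `${PEER_NS}` unquoted while the other call sites quote it.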
@@ -589,3 +589,13 @@ perf-report-fix-segfault-when-sym-sort-key-is-not-used.patch
 clk-imx6ul-fix-failed-to-get-parent-error.patch
 alsa-usb-audio-fix-possible-null-pointer-dereference-in-snd_usb_pcm_has_fixed_rate.patch
 unicode-don-t-special-case-ignorable-code-points.patch
+net-ethernet-cortina-drop-tso-support.patch
+tracing-remove-precision-vsnprintf-check-from-print-.patch
+drm-crtc-fix-uninitialized-variable-use-even-harder.patch
+tracing-have-saved_cmdlines-arrays-all-in-one-alloca.patch
+selftests-net-give-more-time-to-udpgro-bg-processes-.patch
+selftests-net-synchronize-udpgro-tests-tx-and-rx-con.patch
+selftests-net-remove-executable-bits-from-library-sc.patch
+fs-ntfs3-refactor-enum_rstbl-to-suppress-static-chec.patch
+virtio_console-fix-misc-probe-bugs.patch
+input-synaptics-rmi4-fix-uaf-of-irq-domain-on-driver.patch
diff --git a/queue-5.15/tracing-have-saved_cmdlines-arrays-all-in-one-alloca.patch b/queue-5.15/tracing-have-saved_cmdlines-arrays-all-in-one-alloca.patch
new file mode 100644
index 00000000000..5e205a31cc2
--- /dev/null
+++ b/queue-5.15/tracing-have-saved_cmdlines-arrays-all-in-one-alloca.patch
@@ -0,0 +1,104 @@
+From b0ce4fb6128cf83afc48d6cad1122f915b7a673b Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 20 Feb 2024 09:06:14 -0500
+Subject: tracing: Have saved_cmdlines arrays all in one allocation
+
+From: Steven Rostedt (Google)
+
+[ Upstream commit 0b18c852cc6fb8284ac0ab97e3e840974a6a8a64 ]
+
+The saved_cmdlines have three arrays for mapping PIDs to COMMs:
+
+ - map_pid_to_cmdline[]
+ - map_cmdline_to_pid[]
+ - saved_cmdlines
+
+The map_pid_to_cmdline[] is PID_MAX_DEFAULT in size and holds the index
+into the other arrays. The map_cmdline_to_pid[] is a mapping back to the
+full pid as it can be larger than PID_MAX_DEFAULT. And the
+saved_cmdlines[] just holds the COMMs associated to the pids.
+
+Currently the map_pid_to_cmdline[] and saved_cmdlines[] are allocated
+together (in reality the saved_cmdlines is just in the memory of the
+rounding of the allocation of the structure as it is always allocated in
+powers of two). The map_cmdline_to_pid[] array is allocated separately.
+
+Since the rounding to a power of two is rather large (it allows for 8000
+elements in saved_cmdlines), also include the map_cmdline_to_pid[] array.
+(This drops it to 6000 by default, which is still plenty for most use
+cases). This saves even more memory as the map_cmdline_to_pid[] array
+doesn't need to be allocated.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20240212174011.068211d9@gandalf.local.home/
+Link: https://lore.kernel.org/linux-trace-kernel/20240220140703.182330529@goodmis.org
+
+Cc: Mark Rutland
+Cc: Mathieu Desnoyers
+Cc: Andrew Morton
+Cc: Tim Chen
+Cc: Vincent Donnefort
+Cc: Sven Schnelle
+Cc: Mete Durlu
+Fixes: 44dc5c41b5b1 ("tracing: Fix wasted memory in saved_cmdlines logic")
+Acked-by: Masami Hiramatsu (Google)
+Signed-off-by: Steven Rostedt (Google)
+Signed-off-by: Sasha Levin
+---
+ kernel/trace/trace.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
+index a1d034b7300ac..b199b0c7cba09 100644
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -2241,6 +2241,10 @@ struct saved_cmdlines_buffer {
+ };
+ static struct saved_cmdlines_buffer *savedcmd;
+
++/* Holds the size of a cmdline and pid element */
++#define SAVED_CMDLINE_MAP_ELEMENT_SIZE(s) \
++ (TASK_COMM_LEN + sizeof((s)->map_cmdline_to_pid[0]))
++
+ static inline char *get_saved_cmdlines(int idx)
+ {
+ return &savedcmd->saved_cmdlines[idx * TASK_COMM_LEN];
+@@ -2255,7 +2259,6 @@ static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s)
+ {
+ int order = get_order(sizeof(*s) + s->cmdline_num * TASK_COMM_LEN);
+
+- kfree(s->map_cmdline_to_pid);
+ kmemleak_free(s);
+ free_pages((unsigned long)s, order);
+ }
+@@ -2268,7 +2271,7 @@ static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val)
+ int order;
+
+ /* Figure out how much is needed to hold the given number of cmdlines */
+- orig_size = sizeof(*s) + val * TASK_COMM_LEN;
++ orig_size = sizeof(*s) + val * SAVED_CMDLINE_MAP_ELEMENT_SIZE(s);
+ order = get_order(orig_size);
+ size = 1 << (order + PAGE_SHIFT);
+ page = alloc_pages(GFP_KERNEL, order);
+@@ -2280,16 +2283,11 @@ static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val)
+ memset(s, 0, sizeof(*s));
+
+ /* Round up to actual allocation */
+- val = (size - sizeof(*s)) / TASK_COMM_LEN;
++ val = (size - sizeof(*s)) / SAVED_CMDLINE_MAP_ELEMENT_SIZE(s);
+ s->cmdline_num = val;
+
+- s->map_cmdline_to_pid = kmalloc_array(val,
+- sizeof(*s->map_cmdline_to_pid),
+- GFP_KERNEL);
+- if (!s->map_cmdline_to_pid) {
+- free_saved_cmdlines_buffer(s);
+- return NULL;
+- }
++ /* Place map_cmdline_to_pid array right after saved_cmdlines */
++ s->map_cmdline_to_pid = (unsigned *)&s->saved_cmdlines[val * TASK_COMM_LEN];
+
+ s->cmdline_idx = 0;
+ memset(&s->map_pid_to_cmdline, NO_CMDLINE_MAP,
+--
+2.43.0
+
diff --git a/queue-5.15/tracing-remove-precision-vsnprintf-check-from-print-.patch b/queue-5.15/tracing-remove-precision-vsnprintf-check-from-print-.patch
new file mode 100644
index 00000000000..3a49fdfe47b
--- /dev/null
+++ b/queue-5.15/tracing-remove-precision-vsnprintf-check-from-print-.patch
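Review bot: `free_saved_cmdlines_buffer()` still derives the page order from `sizeof(*s) + s->cmdline_num * TASK_COMM_LEN`, while `allocate_cmdlines_buffer()` now sizes the allocation with `SAVED_CMDLINE_MAP_ELEMENT_SIZE(s)`. The two formulas probably still land on the same order for the sizes in play, but nothing enforces that, and a mismatch would hand `free_pages()` the wrong order. Using the same expression on the free side, `int order = get_order(sizeof(*s) + s->cmdline_num * SAVED_CMDLINE_MAP_ELEMENT_SIZE(s));`, keeps the pair in step. The struct definition is outside the hunks, so the alignment of the `(unsigned *)` cast into `saved_cmdlines` cannot be confirmed from here.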
@@ -0,0 +1,69 @@
+From 4265e782e874121d4eda910b06a39f373debfde3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 4 Mar 2024 17:43:41 -0500
+Subject: tracing: Remove precision vsnprintf() check from print event
+
+From: Steven Rostedt (Google)
+
+[ Upstream commit 5efd3e2aef91d2d812290dcb25b2058e6f3f532c ]
+
+This reverts 60be76eeabb3d ("tracing: Add size check when printing
+trace_marker output"). The only reason the precision check was added
+was because of a bug that miscalculated the write size of the string into
+the ring buffer and it truncated it removing the terminating nul byte. On
+reading the trace it crashed the kernel. But this was due to the bug in
+the code that happened during development and should never happen in
+practice. If anything, the precision can hide bugs where the string in the
+ring buffer isn't nul terminated and it will not be checked.
+
+Link: https://lore.kernel.org/all/C7E7AF1A-D30F-4D18-B8E5-AF1EF58004F5@linux.ibm.com/
+Link: https://lore.kernel.org/linux-trace-kernel/20240227125706.04279ac2@gandalf.local.home
+Link: https://lore.kernel.org/all/20240302111244.3a1674be@gandalf.local.home/
+Link: https://lore.kernel.org/linux-trace-kernel/20240304174341.2a561d9f@gandalf.local.home
+
+Cc: Masami Hiramatsu
+Cc: Linus Torvalds
+Fixes: 60be76eeabb3d ("tracing: Add size check when printing trace_marker output")
+Reported-by: Sachin Sant
+Tested-by: Sachin Sant
+Reviewed-by: Mathieu Desnoyers
+Signed-off-by: Steven Rostedt (Google)
+Signed-off-by: Sasha Levin
+---
+ kernel/trace/trace_output.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c
+index 4c4b84e507f74..6b4d3f3abdae2 100644
+--- a/kernel/trace/trace_output.c
++++ b/kernel/trace/trace_output.c
+@@ -1446,12 +1446,11 @@ static enum print_line_t trace_print_print(struct trace_iterator *iter,
+ {
+ struct print_entry *field;
+ struct trace_seq *s = &iter->seq;
+- int max = iter->ent_size - offsetof(struct print_entry, buf);
+
+ trace_assign_type(field, iter->ent);
+
+ seq_print_ip_sym(s, field->ip, flags);
+- trace_seq_printf(s, ": %.*s", max, field->buf);
++ trace_seq_printf(s, ": %s", field->buf);
+
+ return trace_handle_return(s);
+ }
+@@ -1460,11 +1459,10 @@ static enum print_line_t trace_print_raw(struct trace_iterator *iter, int flags,
+ struct trace_event *event)
+ {
+ struct print_entry *field;
+- int max = iter->ent_size - offsetof(struct print_entry, buf);
+
+ trace_assign_type(field, iter->ent);
+
+- trace_seq_printf(&iter->seq, "# %lx %.*s", field->ip, max, field->buf);
++ trace_seq_printf(&iter->seq, "# %lx %s", field->ip, field->buf);
+
+ return trace_handle_return(&iter->seq);
+ }
+--
+2.43.0
+
diff --git a/queue-5.15/virtio_console-fix-misc-probe-bugs.patch b/queue-5.15/virtio_console-fix-misc-probe-bugs.patch
new file mode 100644
index 00000000000..fbef062fdfc
--- /dev/null
+++ b/queue-5.15/virtio_console-fix-misc-probe-bugs.patch
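Review bot: With the precision gone, both `trace_print_print()` and `trace_print_raw()` read `field->buf` with a plain `%s`, so they depend on every writer of a print entry storing the terminating NUL inside the entry; the description itself records that a missing terminator once crashed the reader. That invariant is not stated at either call site. I would add a short comment above each `trace_seq_printf()`, e.g. `/* field->buf must be NUL-terminated within iter->ent_size by the writer */`, so the dependency is visible to anyone changing the write side.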
@@ -0,0 +1,71 @@
+From d5cae751b3774af22c613cacb8f1c360e9bbe743 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 16 Sep 2024 14:16:44 -0400
+Subject: virtio_console: fix misc probe bugs
+
+From: Michael S. Tsirkin
+
+[ Upstream commit b9efbe2b8f0177fa97bfab290d60858900aa196b ]
+
+This fixes the following issue discovered by code review:
+
+after vqs have been created, a buggy device can send an interrupt.
+
+A control vq callback will then try to schedule control_work which has
+not been initialized yet. Similarly for config interrupt. Further, in
+and out vq callbacks invoke find_port_by_vq which attempts to take
+ports_lock which also has not been initialized.
+
+To fix, init all locks and work before creating vqs.
+
+Message-ID:
+Fixes: 17634ba25544 ("virtio: console: Add a new MULTIPORT feature, support for generic ports")
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Sasha Levin
+---
+ drivers/char/virtio_console.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
+index 77bc993d75130..a5d38fdc25897 100644
+--- a/drivers/char/virtio_console.c
++++ b/drivers/char/virtio_console.c
+@@ -2046,25 +2046,27 @@ static int virtcons_probe(struct virtio_device *vdev)
+ multiport = true;
+ }
+
+- err = init_vqs(portdev);
+- if (err < 0) {
+- dev_err(&vdev->dev, "Error %d initializing vqs\n", err);
+- goto free_chrdev;
+- }
+-
+ spin_lock_init(&portdev->ports_lock);
+ INIT_LIST_HEAD(&portdev->ports);
+ INIT_LIST_HEAD(&portdev->list);
+
+- virtio_device_ready(portdev->vdev);
+-
+ INIT_WORK(&portdev->config_work, &config_work_handler);
+ INIT_WORK(&portdev->control_work, &control_work_handler);
+
+ if (multiport) {
+ spin_lock_init(&portdev->c_ivq_lock);
+ spin_lock_init(&portdev->c_ovq_lock);
++ }
+
++ err = init_vqs(portdev);
++ if (err < 0) {
++ dev_err(&vdev->dev, "Error %d initializing vqs\n", err);
++ goto free_chrdev;
++ }
++
++ virtio_device_ready(portdev->vdev);
++
++ if (multiport) {
+ err = fill_queue(portdev->c_ivq, &portdev->c_ivq_lock);
+ if (err < 0) {
+ dev_err(&vdev->dev,
+--
+2.43.0
+
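Review bot: Nothing in `virtcons_probe()` says why the lock and work initialisation now has to precede `init_vqs()`, and the `if (multiport)` block split in two invites a later tidy-up that merges it back below the vq setup. A comment above `init_vqs(portdev)`, e.g. `/* vq callbacks can fire as soon as the vqs exist: all locks and work items must be initialised before this point */`, would protect the ordering against a device that interrupts early. The rest of the function, including the `free_chrdev` error path, is outside the hunk.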