From: Greg Kroah-Hartman Date: Wed, 5 Feb 2025 11:00:25 +0000 (+0100) Subject: 6.12-stable patches X-Git-Tag: v6.6.76~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=47f9d0464e17c1155dbed53a51c278c504cbe1d8;p=thirdparty%2Fkernel%2Fstable-queue.git 6.12-stable patches added patches: dma-mapping-save-base-size-instead-of-pointer-to-shared-dma-pool.patch ethtool-fix-access-to-uninitialized-fields-in-set-rxnfc-command.patch of-reserved-memory-warn-for-missing-static-reserved-memory-regions.patch phy-freescale-fsl-samsung-hdmi-fix-64-by-32-division-cocci-warnings.patch xfrm-add-error-handling-when-nla_put_u32-returns-an-error.patch xfrm-fix-acquire-state-insertion.patch
---
diff --git a/queue-6.12/dma-mapping-save-base-size-instead-of-pointer-to-shared-dma-pool.patch b/queue-6.12/dma-mapping-save-base-size-instead-of-pointer-to-shared-dma-pool.patch
new file mode 100644
index 0000000000..6fdab3583e
--- /dev/null
+++ b/queue-6.12/dma-mapping-save-base-size-instead-of-pointer-to-shared-dma-pool.patch
@@ -0,0 +1,96 @@
+From 22293c33738c14bb84b9d3e771bc37150e7cf8e7 Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven
+Date: Tue, 12 Nov 2024 19:39:37 +0100
+Subject: dma-mapping: save base/size instead of pointer to shared DMA pool
+
+From: Geert Uytterhoeven
+
+commit 22293c33738c14bb84b9d3e771bc37150e7cf8e7 upstream.
+
+On RZ/Five, which is non-coherent, and uses CONFIG_DMA_GLOBAL_POOL=y:
+
+ Oops - store (or AMO) access fault [#1]
+ CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-rc1-00015-g8a6e02d0c00e #201
+ Hardware name: Renesas SMARC EVK based on r9a07g043f01 (DT)
+ epc : __memset+0x60/0x100
+ ra : __dma_alloc_from_coherent+0x150/0x17a
+ epc : ffffffff8062d2bc ra : ffffffff80053a94 sp : ffffffc60000ba20
+ gp : ffffffff812e9938 tp : ffffffd601920000 t0 : ffffffc6000d0000
+ t1 : 0000000000000000 t2 : ffffffffe9600000 s0 : ffffffc60000baa0
+ s1 : ffffffc6000d0000 a0 : ffffffc6000d0000 a1 : 0000000000000000
+ a2 : 0000000000001000 a3 : ffffffc6000d1000 a4 : 0000000000000000
+ a5 : 0000000000000000 a6 : ffffffd601adacc0 a7 : ffffffd601a841a8
+ s2 : ffffffd6018573c0 s3 : 0000000000001000 s4 : ffffffd6019541e0
+ s5 : 0000000200000022 s6 : ffffffd6018f8410 s7 : ffffffd6018573e8
+ s8 : 0000000000000001 s9 : 0000000000000001 s10: 0000000000000010
+ s11: 0000000000000000 t3 : 0000000000000000 t4 : ffffffffdefe62d1
+ t5 : 000000001cd6a3a9 t6 : ffffffd601b2aad6
+ status: 0000000200000120 badaddr: ffffffc6000d0000 cause: 0000000000000007
+ [] __memset+0x60/0x100
+ [] dma_alloc_from_global_coherent+0x1c/0x28
+ [] dma_direct_alloc+0x98/0x112
+ [] dma_alloc_attrs+0x78/0x86
+ [] rz_dmac_probe+0x3f6/0x50a
+ [] platform_probe+0x4c/0x8a
+
+If CONFIG_DMA_GLOBAL_POOL=y, the reserved_mem structure passed to
+rmem_dma_setup() is saved for later use, by saving the passed pointer.
+However, when dma_init_reserved_memory() is called later, the pointer
+has become stale, causing a crash.
+
+E.g. in the RZ/Five case, the referenced memory now contains the
+reserved_mem structure for the "mmode_resv0@30000" node (with base
+0x30000 and size 0x10000), instead of the correct "pma_resv0@58000000"
+node (with base 0x58000000 and size 0x8000000).
+
+Fix this by saving the needed reserved_mem structure's contents instead.
+
+Fixes: 8a6e02d0c00e7b62 ("of: reserved_mem: Restructure how the reserved memory regions are processed")
+Signed-off-by: Geert Uytterhoeven
+Reviewed-by: Oreoluwa Babatunde
+Tested-by: Lad Prabhakar
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/dma/coherent.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+--- a/kernel/dma/coherent.c
++++ b/kernel/dma/coherent.c
+@@ -330,7 +330,8 @@ int dma_init_global_coherent(phys_addr_t
+ #include
+
+ #ifdef CONFIG_DMA_GLOBAL_POOL
+-static struct reserved_mem *dma_reserved_default_memory __initdata;
++static phys_addr_t dma_reserved_default_memory_base __initdata;
++static phys_addr_t dma_reserved_default_memory_size __initdata;
+ #endif
+
+ static int rmem_dma_device_init(struct reserved_mem *rmem, struct device *dev)
+@@ -376,9 +377,10 @@ static int __init rmem_dma_setup(struct
+
+ #ifdef CONFIG_DMA_GLOBAL_POOL
+ if (of_get_flat_dt_prop(node, "linux,dma-default", NULL)) {
+- WARN(dma_reserved_default_memory,
++ WARN(dma_reserved_default_memory_size,
+ "Reserved memory: region for default DMA coherent area is redefined\n");
+- dma_reserved_default_memory = rmem;
++ dma_reserved_default_memory_base = rmem->base;
++ dma_reserved_default_memory_size = rmem->size;
+ }
+ #endif
+
+@@ -391,10 +393,10 @@ static int __init rmem_dma_setup(struct
+ #ifdef CONFIG_DMA_GLOBAL_POOL
+ static int __init dma_init_reserved_memory(void)
+ {
+- if (!dma_reserved_default_memory)
++ if (!dma_reserved_default_memory_size)
+ return -ENOMEM;
+- return dma_init_global_coherent(dma_reserved_default_memory->base,
+- dma_reserved_default_memory->size);
++ return dma_init_global_coherent(dma_reserved_default_memory_base,
++ dma_reserved_default_memory_size);
+ }
+ core_initcall(dma_init_reserved_memory);
+ #endif /* CONFIG_DMA_GLOBAL_POOL */
diff --git a/queue-6.12/ethtool-fix-access-to-uninitialized-fields-in-set-rxnfc-command.patch b/queue-6.12/ethtool-fix-access-to-uninitialized-fields-in-set-rxnfc-command.patch
new file mode 100644
index 0000000000..b4673a5848
--- /dev/null
+++ b/queue-6.12/ethtool-fix-access-to-uninitialized-fields-in-set-rxnfc-command.patch
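Review bot: In the kernel/dma/coherent.c patch, `dma_reserved_default_memory_size` now doubles as the "a default region was recorded" flag, both in the `WARN()` in rmem_dma_setup() and in the `if (!dma_reserved_default_memory_size)` test in dma_init_reserved_memory(), and nothing in the new code says so or says why the pointer is no longer kept. A comment above the two `__initdata` variables would keep a later cleanup from reintroducing the stale pointer described in the commit message, for example `/* Copy base/size: the reserved_mem entry passed to rmem_dma_setup() may no longer be valid when dma_init_reserved_memory() runs. */`. A region declared with size zero is now indistinguishable from no region and yields -ENOMEM; that is probably intended, but it is worth stating in the same comment. rmem_dma_setup() begins and ends outside the hunks shown.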
@@ -0,0 +1,45 @@
+From 94071909477677fc2a1abf3fb281f203f66cf3ca Mon Sep 17 00:00:00 2001
+From: Gal Pressman
+Date: Mon, 2 Dec 2024 18:48:05 +0200
+Subject: ethtool: Fix access to uninitialized fields in set RXNFC command
+
+From: Gal Pressman
+
+commit 94071909477677fc2a1abf3fb281f203f66cf3ca upstream.
+
+The check for non-zero ring with RSS is only relevant for
+ETHTOOL_SRXCLSRLINS command, in other cases the check tries to access
+memory which was not initialized by the userspace tool. Only perform the
+check in case of ETHTOOL_SRXCLSRLINS.
+
+Without this patch, filter deletion (for example) could statistically
+result in a false error:
+ # ethtool --config-ntuple eth3 delete 484
+ rmgr: Cannot delete RX class rule: Invalid argument
+ Cannot delete classification rule
+
+Fixes: 9e43ad7a1ede ("net: ethtool: only allow set_rxnfc with rss + ring_cookie if driver opts in")
+Link: https://lore.kernel.org/netdev/871a9ecf-1e14-40dd-bbd7-e90c92f89d47@nvidia.com/
+Reviewed-by: Dragos Tatulea
+Reviewed-by: Tariq Toukan
+Signed-off-by: Gal Pressman
+Reviewed-by: Edward Cree
+Link: https://patch.msgid.link/20241202164805.1637093-1-gal@nvidia.com
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/ethtool/ioctl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ethtool/ioctl.c
++++ b/net/ethtool/ioctl.c
+@@ -993,7 +993,8 @@ static noinline_for_stack int ethtool_se
+ return rc;
+
+ /* Nonzero ring with RSS only makes sense if NIC adds them together */
+- if (info.flow_type & FLOW_RSS && !ops->cap_rss_rxnfc_adds &&
++ if (cmd == ETHTOOL_SRXCLSRLINS && info.flow_type & FLOW_RSS &&
++ !ops->cap_rss_rxnfc_adds &&
+ ethtool_get_flow_spec_ring(info.fs.ring_cookie))
+ return -EINVAL;
+
diff --git a/queue-6.12/of-reserved-memory-warn-for-missing-static-reserved-memory-regions.patch b/queue-6.12/of-reserved-memory-warn-for-missing-static-reserved-memory-regions.patch
new file mode 100644
index 0000000000..694029d638
--- /dev/null
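Review bot: In the net/ethtool/ioctl.c patch, the comment `/* Nonzero ring with RSS only makes sense if NIC adds them together */` no longer explains the whole condition, because the new `cmd == ETHTOOL_SRXCLSRLINS` term is there for a different reason: per the commit message, the fields being tested are not filled in by userspace for the other commands. I would add that to the comment, for example `/* Only rule insertion supplies these fields; for other commands they are uninitialized. */`, and parenthesise the mask test as `(info.flow_type & FLOW_RSS)` so its precedence against `&&` is explicit. Whether other code in the function reads `info.fs` for non-insert commands cannot be judged here, since the function starts and ends outside the hunk.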
+++ b/queue-6.12/of-reserved-memory-warn-for-missing-static-reserved-memory-regions.patch
@@ -0,0 +1,41 @@
+From 81dfedd5234b42df11a473eefe7328ea4a0416ad Mon Sep 17 00:00:00 2001
+From: Zijun Hu
+Date: Tue, 14 Jan 2025 23:23:04 +0800
+Subject: of: reserved-memory: Warn for missing static reserved memory regions
+
+From: Zijun Hu
+
+commit 81dfedd5234b42df11a473eefe7328ea4a0416ad upstream.
+
+For child node of /reserved-memory, its property 'reg' may contain
+multiple regions, but fdt_scan_reserved_mem_reg_nodes() only takes
+into account the first region, and miss remaining regions.
+
+But there are no simple approach to fix it, so give user warning
+message when miss remaining regions.
+
+Fixes: 8a6e02d0c00e ("of: reserved_mem: Restructure how the reserved memory regions are processed")
+Cc: stable@vger.kernel.org
+Signed-off-by: Zijun Hu
+Reviewed-by: Krzysztof Kozlowski
+Link: https://lore.kernel.org/r/20250114-of_core_fix-v5-2-b8bafd00a86f@quicinc.com
+Signed-off-by: Rob Herring (Arm)
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/of/of_reserved_mem.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/of/of_reserved_mem.c
++++ b/drivers/of/of_reserved_mem.c
+@@ -214,6 +214,11 @@ void __init fdt_scan_reserved_mem_reg_no
+ uname);
+ continue;
+ }
++
++ if (len > t_len)
++ pr_warn("%s() ignores %d regions in node '%s'\n",
++ __func__, len / t_len - 1, uname);
++
+ base = dt_mem_next_cell(dt_root_addr_cells, &prop);
+ size = dt_mem_next_cell(dt_root_size_cells, &prop);
+
diff --git a/queue-6.12/phy-freescale-fsl-samsung-hdmi-fix-64-by-32-division-cocci-warnings.patch b/queue-6.12/phy-freescale-fsl-samsung-hdmi-fix-64-by-32-division-cocci-warnings.patch
new file mode 100644
index 0000000000..f012754c6f
--- /dev/null
+++ b/queue-6.12/phy-freescale-fsl-samsung-hdmi-fix-64-by-32-division-cocci-warnings.patch
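Review bot: In the drivers/of/of_reserved_mem.c patch, the added `pr_warn()` reports only a count, so someone reading the boot log cannot tell which address ranges of the node were skipped. The limitation is also visible only at run time; a comment above the `if (len > t_len)` such as `/* Only the first reg entry is recorded below; any further entries are skipped. */` would document it in the code. The `%d` specifier assumes `len / t_len - 1` has type `int`, which should be confirmed because `len` and `t_len` are declared outside the hunk. fdt_scan_reserved_mem_reg_nodes() starts and ends outside the hunk.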
@@ -0,0 +1,39 @@
+From 739214dd1c209e34323814fb815fb17cccb9f95b Mon Sep 17 00:00:00 2001
+From: Adam Ford
+Date: Sun, 15 Dec 2024 16:05:55 -0600
+Subject: phy: freescale: fsl-samsung-hdmi: Fix 64-by-32 division cocci warnings
+
+From: Adam Ford
+
+commit 739214dd1c209e34323814fb815fb17cccb9f95b upstream.
+
+The Kernel test robot returns the following warning:
+ do_div() does a 64-by-32 division, please consider using div64_ul instead.
+
+To prevent the 64-by-32 divsion, consolidate both the multiplication
+and the do_div into one line which explicitly uses u64 sizes.
+
+Fixes: 1951dbb41d1d ("phy: freescale: fsl-samsung-hdmi: Support dynamic integer")
+Signed-off-by: Adam Ford
+Reported-by: kernel test robot
+Closes: https://lore.kernel.org/oe-kbuild-all/202412091243.fSObwwPi-lkp@intel.com/
+Signed-off-by: Greg Kroah-Hartman
+
+Link: https://lore.kernel.org/r/20241215220555.99113-1-aford173@gmail.com
+Signed-off-by: Vinod Koul
+---
+ drivers/phy/freescale/phy-fsl-samsung-hdmi.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/phy/freescale/phy-fsl-samsung-hdmi.c
++++ b/drivers/phy/freescale/phy-fsl-samsung-hdmi.c
+@@ -471,8 +471,7 @@ static unsigned long fsl_samsung_hdmi_ph
+ * Fvco = (M * f_ref) / P,
+ * where f_ref is 24MHz.
+ */
+- tmp = (u64)_m * 24 * MHZ;
+- do_div(tmp, _p);
++ tmp = div64_ul((u64)_m * 24 * MHZ, _p);
+ if (tmp < 750 * MHZ ||
+ tmp > 3000 * MHZ)
+ continue;
diff --git a/queue-6.12/series b/queue-6.12/series
index ca35d6dc9c..a7d45ef1cf 100644
--- a/queue-6.12/series
+++ b/queue-6.12/series
@@ -573,3 +573,9 @@ media-imx-jpeg-fix-potential-error-pointer-dereference-in-detach_pm.patch
 powerpc-pseries-iommu-don-t-unset-window-if-it-was-never-set.patch
 md-md-bitmap-synchronize-bitmap_get_stats-with-bitmap-lifetime.patch
 btrfs-output-the-reason-for-open_ctree-failure.patch
+of-reserved-memory-warn-for-missing-static-reserved-memory-regions.patch
+dma-mapping-save-base-size-instead-of-pointer-to-shared-dma-pool.patch
+xfrm-add-error-handling-when-nla_put_u32-returns-an-error.patch
+xfrm-fix-acquire-state-insertion.patch
+ethtool-fix-access-to-uninitialized-fields-in-set-rxnfc-command.patch
+phy-freescale-fsl-samsung-hdmi-fix-64-by-32-division-cocci-warnings.patch
diff --git a/queue-6.12/xfrm-add-error-handling-when-nla_put_u32-returns-an-error.patch b/queue-6.12/xfrm-add-error-handling-when-nla_put_u32-returns-an-error.patch
new file mode 100644
index 0000000000..0017d69a05
--- /dev/null
+++ b/queue-6.12/xfrm-add-error-handling-when-nla_put_u32-returns-an-error.patch
@@ -0,0 +1,43 @@
+From 9d287e70c51f1c141ac588add261ed2efdd6fc6b Mon Sep 17 00:00:00 2001
+From: "Everest K.C"
+Date: Tue, 12 Nov 2024 16:36:06 -0700
+Subject: xfrm: Add error handling when nla_put_u32() returns an error
+
+From: Everest K.C
+
+commit 9d287e70c51f1c141ac588add261ed2efdd6fc6b upstream.
+
+Error handling is missing when call to nla_put_u32() fails.
+Handle the error when the call to nla_put_u32() returns an error.
+
+The error was reported by Coverity Scan.
+Report:
+CID 1601525: (#1 of 1): Unused value (UNUSED_VALUE)
+returned_value: Assigning value from nla_put_u32(skb, XFRMA_SA_PCPU, x->pcpu_num)
+to err here, but that stored value is overwritten before it can be used
+
+Fixes: 1ddf9916ac09 ("xfrm: Add support for per cpu xfrm state handling.")
+Signed-off-by: Everest K.C.
+Reviewed-by: Simon Horman
+Reviewed-by: Przemek Kitszel
+Signed-off-by: Steffen Klassert
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/xfrm/xfrm_user.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/net/xfrm/xfrm_user.c
++++ b/net/xfrm/xfrm_user.c
+@@ -2609,8 +2609,11 @@ static int build_aevent(struct sk_buff *
+ err = xfrm_if_id_put(skb, x->if_id);
+ if (err)
+ goto out_cancel;
+- if (x->pcpu_num != UINT_MAX)
++ if (x->pcpu_num != UINT_MAX) {
+ err = nla_put_u32(skb, XFRMA_SA_PCPU, x->pcpu_num);
++ if (err)
++ goto out_cancel;
++ }
+
+ if (x->dir) {
+ err = nla_put_u8(skb, XFRMA_SA_DIR, x->dir);
diff --git a/queue-6.12/xfrm-fix-acquire-state-insertion.patch b/queue-6.12/xfrm-fix-acquire-state-insertion.patch
new file mode 100644
index 0000000000..a1f746cd99
--- /dev/null
+++ b/queue-6.12/xfrm-fix-acquire-state-insertion.patch
@@ -0,0 +1,32 @@
+From a35672819f8d85e2ae38b80d40b923e3ef81e4ea Mon Sep 17 00:00:00 2001
+From: Steffen Klassert
+Date: Thu, 14 Nov 2024 12:06:56 +0100
+Subject: xfrm: Fix acquire state insertion.
+
+From: Steffen Klassert
+
+commit a35672819f8d85e2ae38b80d40b923e3ef81e4ea upstream.
+
+A recent commit jumped over the dst hash computation and
+left the symbol uninitialized. Fix this by explicitly
+computing the dst hash before it is used.
+
+Fixes: 0045e3d80613 ("xfrm: Cache used outbound xfrm states at the policy.")
+Reported-by: Dan Carpenter
+Reviewed-by: Simon Horman
+Signed-off-by: Steffen Klassert
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/xfrm/xfrm_state.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/xfrm/xfrm_state.c
++++ b/net/xfrm/xfrm_state.c
+@@ -1512,6 +1512,7 @@ found:
+ x->km.state = XFRM_STATE_ACQ;
+ x->dir = XFRM_SA_DIR_OUT;
+ list_add(&x->km.all, &net->xfrm.state_all);
++ h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);
+ XFRM_STATE_INSERT(bydst, &x->bydst,
+ net->xfrm.state_bydst + h,
+ x->xso.type);
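Review bot: In the net/xfrm/xfrm_state.c patch, the added `h = xfrm_dst_hash(...)` line carries no comment saying why the hash is computed again at this point, so it reads as redundant and is easy to drop in a later cleanup. That matters because `h` is used on the next line as an offset into `net->xfrm.state_bydst`, so an uninitialized value would pick an arbitrary bucket address for the list insertion. A one-line comment such as `/* Not every path reaching this point has computed h; compute it here before the insert. */` would record the reason given in the commit message. The declaration of `h` and the paths that reach this code are outside the hunk.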