From: Greg Kroah-Hartman Date: Fri, 24 Sep 2021 09:05:13 +0000 (+0200) Subject: 5.14-stable patches X-Git-Tag: v4.4.285~35 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=66e63684a94ad6c31a43c6ec1331c6d2f9683986;p=thirdparty%2Fkernel%2Fstable-queue.git 5.14-stable patches added patches: coredump-fix-memleak-in-dump_vma_snapshot.patch dmaengine-acpi-avoid-comparison-gsi-with-linux-virq.patch rdma-hns-enable-stash-feature-of-hip09.patch rdma-mlx5-fix-xlt_chunk_align-calculation.patch staging-rtl8192u-fix-bitwise-vs-logical-operator-in-translaterxsignalstuff819xusb.patch um-fix-stub-location-calculation.patch um-virtio_uml-fix-memory-leak-on-init-failures.patch --- diff --git a/queue-5.14/coredump-fix-memleak-in-dump_vma_snapshot.patch b/queue-5.14/coredump-fix-memleak-in-dump_vma_snapshot.patch new file mode 100644 index 00000000000..e61a70530d5 --- /dev/null +++ b/queue-5.14/coredump-fix-memleak-in-dump_vma_snapshot.patch @@ -0,0 +1,39 @@ +From 6fcac87e1f9e5b27805a2a404f4849194bb51de8 Mon Sep 17 00:00:00 2001 +From: QiuXi +Date: Tue, 7 Sep 2021 20:00:32 -0700 +Subject: coredump: fix memleak in dump_vma_snapshot() + +From: QiuXi + +commit 6fcac87e1f9e5b27805a2a404f4849194bb51de8 upstream. + +dump_vma_snapshot() allocs memory for *vma_meta, when dump_vma_snapshot() +returns -EFAULT, the memory will be leaked, so we free it correctly. + +Link: https://lkml.kernel.org/r/20210810020441.62806-1-qiuxi1@huawei.com +Fixes: a07279c9a8cd7 ("binfmt_elf, binfmt_elf_fdpic: use a VMA list snapshot") +Signed-off-by: QiuXi +Cc: Al Viro +Cc: Jann Horn +Cc: Greg Kroah-Hartman +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + fs/coredump.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/coredump.c ++++ b/fs/coredump.c +@@ -1127,8 +1127,10 @@ int dump_vma_snapshot(struct coredump_pa + + mmap_write_unlock(mm); + +- if (WARN_ON(i != *vma_count)) ++ if (WARN_ON(i != *vma_count)) { ++ kvfree(*vma_meta); + return -EFAULT; ++ } + + *vma_data_size_ptr = vma_data_size; + return 0; diff --git a/queue-5.14/dmaengine-acpi-avoid-comparison-gsi-with-linux-virq.patch b/queue-5.14/dmaengine-acpi-avoid-comparison-gsi-with-linux-virq.patch new file mode 100644 index 00000000000..bebd2221e29 --- /dev/null +++ b/queue-5.14/dmaengine-acpi-avoid-comparison-gsi-with-linux-virq.patch @@ -0,0 +1,42 @@ +From 67db87dc8284070adb15b3c02c1c31d5cf51c5d6 Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Fri, 30 Jul 2021 23:27:15 +0300 +Subject: dmaengine: acpi: Avoid comparison GSI with Linux vIRQ + +From: Andy Shevchenko + +commit 67db87dc8284070adb15b3c02c1c31d5cf51c5d6 upstream. + +Currently the CRST parsing relies on the fact that on most of x86 devices +the IRQ mapping is 1:1 with Linux vIRQ. However, it may be not true for +some. Fix this by converting GSI to Linux vIRQ before checking it. + +Fixes: ee8209fd026b ("dma: acpi-dma: parse CSRT to extract additional resources") +Signed-off-by: Andy Shevchenko +Link: https://lore.kernel.org/r/20210730202715.24375-1-andriy.shevchenko@linux.intel.com +Signed-off-by: Vinod Koul +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma/acpi-dma.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +--- a/drivers/dma/acpi-dma.c ++++ b/drivers/dma/acpi-dma.c +@@ -70,10 +70,14 @@ static int acpi_dma_parse_resource_group + + si = (const struct acpi_csrt_shared_info *)&grp[1]; + +- /* Match device by MMIO and IRQ */ ++ /* Match device by MMIO */ + if (si->mmio_base_low != lower_32_bits(mem) || +- si->mmio_base_high != upper_32_bits(mem) || +- si->gsi_interrupt != irq) ++ si->mmio_base_high != upper_32_bits(mem)) ++ return 0; ++ ++ /* Match device by Linux vIRQ */ ++ ret = acpi_register_gsi(NULL, si->gsi_interrupt, si->interrupt_mode, si->interrupt_polarity); ++ if (ret != irq) + return 0; + + dev_dbg(&adev->dev, "matches with %.4s%04X (rev %u)\n", diff --git a/queue-5.14/rdma-hns-enable-stash-feature-of-hip09.patch b/queue-5.14/rdma-hns-enable-stash-feature-of-hip09.patch new file mode 100644 index 00000000000..0b6acf0da80 --- /dev/null +++ b/queue-5.14/rdma-hns-enable-stash-feature-of-hip09.patch @@ -0,0 +1,32 @@ +From 260f64a40198309008026447f7fda277a73ed8c3 Mon Sep 17 00:00:00 2001 +From: Yixing Liu +Date: Sat, 21 Aug 2021 17:53:26 +0800 +Subject: RDMA/hns: Enable stash feature of HIP09 + +From: Yixing Liu + +commit 260f64a40198309008026447f7fda277a73ed8c3 upstream. + +The stash feature is enabled by default on HIP09. + +Fixes: f93c39bc9547 ("RDMA/hns: Add support for QP stash") +Fixes: bfefae9f108d ("RDMA/hns: Add support for CQ stash") +Link: https://lore.kernel.org/r/1629539607-33217-3-git-send-email-liangwenpeng@huawei.com +Signed-off-by: Yixing Liu +Signed-off-by: Wenpeng Liang +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c ++++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c +@@ -2004,6 +2004,7 @@ static void set_default_caps(struct hns_ + caps->gid_table_len[0] = HNS_ROCE_V2_GID_INDEX_NUM; + + if (hr_dev->pci_dev->revision >= PCI_REVISION_ID_HIP09) { ++ caps->flags |= HNS_ROCE_CAP_FLAG_STASH; + caps->max_sq_inline = HNS_ROCE_V3_MAX_SQ_INLINE; + } else { + caps->max_sq_inline = HNS_ROCE_V2_MAX_SQ_INLINE; diff --git a/queue-5.14/rdma-mlx5-fix-xlt_chunk_align-calculation.patch b/queue-5.14/rdma-mlx5-fix-xlt_chunk_align-calculation.patch new file mode 100644 index 00000000000..51a348df196 --- /dev/null +++ b/queue-5.14/rdma-mlx5-fix-xlt_chunk_align-calculation.patch @@ -0,0 +1,34 @@ +From f4c6f31011eafe027abddf6cee1288a1b5a05b73 Mon Sep 17 00:00:00 2001 +From: Niklas Schnelle +Date: Wed, 8 Sep 2021 10:18:49 +0200 +Subject: RDMA/mlx5: Fix xlt_chunk_align calculation + +From: Niklas Schnelle + +commit f4c6f31011eafe027abddf6cee1288a1b5a05b73 upstream. + +The XLT chunk alignment depends on ent_size not sizeof(ent_size) aka +sizeof(size_t). The incoming ent_size is either 8 or 16, so the +miscalculation when 16 is required is only an over-alignment and +functional harmless. + +Fixes: 8010d74b9965 ("RDMA/mlx5: Split the WR setup out of mlx5_ib_update_xlt()") +Link: https://lore.kernel.org/r/20210908081849.7948-2-schnelle@linux.ibm.com +Signed-off-by: Niklas Schnelle +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/hw/mlx5/mr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/infiniband/hw/mlx5/mr.c ++++ b/drivers/infiniband/hw/mlx5/mr.c +@@ -995,7 +995,7 @@ static struct mlx5_ib_mr *alloc_cacheabl + static void *mlx5_ib_alloc_xlt(size_t *nents, size_t ent_size, gfp_t gfp_mask) + { + const size_t xlt_chunk_align = +- MLX5_UMR_MTT_ALIGNMENT / sizeof(ent_size); ++ MLX5_UMR_MTT_ALIGNMENT / ent_size; + size_t size; + void *res = NULL; + diff --git a/queue-5.14/series b/queue-5.14/series index 1bc09bf8e93..0b8b4c8ab85 100644 --- a/queue-5.14/series +++ b/queue-5.14/series @@ -1,3 +1,10 @@ pci-pci-bridge-emul-add-pcie-root-capabilities-register.patch pci-aardvark-fix-reporting-crs-value.patch console-consume-apc-dm-dcs.patch +staging-rtl8192u-fix-bitwise-vs-logical-operator-in-translaterxsignalstuff819xusb.patch +um-fix-stub-location-calculation.patch +coredump-fix-memleak-in-dump_vma_snapshot.patch +um-virtio_uml-fix-memory-leak-on-init-failures.patch +rdma-hns-enable-stash-feature-of-hip09.patch +rdma-mlx5-fix-xlt_chunk_align-calculation.patch +dmaengine-acpi-avoid-comparison-gsi-with-linux-virq.patch diff --git a/queue-5.14/staging-rtl8192u-fix-bitwise-vs-logical-operator-in-translaterxsignalstuff819xusb.patch b/queue-5.14/staging-rtl8192u-fix-bitwise-vs-logical-operator-in-translaterxsignalstuff819xusb.patch new file mode 100644 index 00000000000..aaa455fac24 --- /dev/null +++ b/queue-5.14/staging-rtl8192u-fix-bitwise-vs-logical-operator-in-translaterxsignalstuff819xusb.patch @@ -0,0 +1,40 @@ +From 099ec97ac92911abfb102bb5c68ed270fc12e0dd Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Sat, 14 Aug 2021 16:56:26 -0700 +Subject: staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() + +From: Nathan Chancellor + +commit 099ec97ac92911abfb102bb5c68ed270fc12e0dd upstream. + +clang warns: + +drivers/staging/rtl8192u/r8192U_core.c:4268:20: warning: bitwise and of +boolean expressions; did you mean logical and? [-Wbool-operation-and] + bpacket_toself = bpacket_match_bssid & + ^~~~~~~~~~~~~~~~~~~~~ + && +1 warning generated. + +Replace the bitwise AND with a logical one to clear up the warning, as +that is clearly what was intended. + +Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging") +Signed-off-by: Nathan Chancellor +Link: https://lore.kernel.org/r/20210814235625.1780033-1-nathan@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/staging/rtl8192u/r8192U_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/staging/rtl8192u/r8192U_core.c ++++ b/drivers/staging/rtl8192u/r8192U_core.c +@@ -4265,7 +4265,7 @@ static void TranslateRxSignalStuff819xUs + bpacket_match_bssid = (type != IEEE80211_FTYPE_CTL) && + (ether_addr_equal(priv->ieee80211->current_network.bssid, (fc & IEEE80211_FCTL_TODS) ? hdr->addr1 : (fc & IEEE80211_FCTL_FROMDS) ? hdr->addr2 : hdr->addr3)) + && (!pstats->bHwError) && (!pstats->bCRC) && (!pstats->bICV); +- bpacket_toself = bpacket_match_bssid & ++ bpacket_toself = bpacket_match_bssid && + (ether_addr_equal(praddr, priv->ieee80211->dev->dev_addr)); + + if (WLAN_FC_GET_FRAMETYPE(fc) == IEEE80211_STYPE_BEACON) diff --git a/queue-5.14/um-fix-stub-location-calculation.patch b/queue-5.14/um-fix-stub-location-calculation.patch new file mode 100644 index 00000000000..a7ba34e3625 --- /dev/null +++ b/queue-5.14/um-fix-stub-location-calculation.patch @@ -0,0 +1,98 @@ +From adf9ae0d159d3dc94f58d788fc4757c8749ac0df Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Tue, 13 Jul 2021 23:47:10 +0200 +Subject: um: fix stub location calculation + +From: Johannes Berg + +commit adf9ae0d159d3dc94f58d788fc4757c8749ac0df upstream. + +In commit 9f0b4807a44f ("um: rework userspace stubs to not hard-code +stub location") I changed stub_segv_handler() to do a calculation with +a pointer to a stack variable to find the data page that we're using +for the stack and the rest of the data. This same commit was meant to +do it as well for stub_clone_handler(), but the change inadvertently +went into commit 84b2789d6115 ("um: separate child and parent errors +in clone stub") instead. + +This was reported to not be compiled correctly by gcc 5, causing the +code to crash here. I'm not sure why, perhaps it's UB because the var +isn't initialized? In any case, this trick always seemed bad, so just +create a new inline function that does the calculation in assembly. + +Reported-by: subashab@codeaurora.org +Fixes: 9f0b4807a44f ("um: rework userspace stubs to not hard-code stub location") +Fixes: 84b2789d6115 ("um: separate child and parent errors in clone stub") +Signed-off-by: Johannes Berg +Signed-off-by: Richard Weinberger +Signed-off-by: Greg Kroah-Hartman +--- + arch/um/kernel/skas/clone.c | 3 +-- + arch/x86/um/shared/sysdep/stub_32.h | 12 ++++++++++++ + arch/x86/um/shared/sysdep/stub_64.h | 12 ++++++++++++ + arch/x86/um/stub_segv.c | 3 +-- + 4 files changed, 26 insertions(+), 4 deletions(-) + +--- a/arch/um/kernel/skas/clone.c ++++ b/arch/um/kernel/skas/clone.c +@@ -24,8 +24,7 @@ + void __attribute__ ((__section__ (".__syscall_stub"))) + stub_clone_handler(void) + { +- int stack; +- struct stub_data *data = (void *) ((unsigned long)&stack & ~(UM_KERN_PAGE_SIZE - 1)); ++ struct stub_data *data = get_stub_page(); + long err; + + err = stub_syscall2(__NR_clone, CLONE_PARENT | CLONE_FILES | SIGCHLD, +--- a/arch/x86/um/shared/sysdep/stub_32.h ++++ b/arch/x86/um/shared/sysdep/stub_32.h +@@ -101,4 +101,16 @@ static inline void remap_stack_and_trap( + "memory"); + } + ++static __always_inline void *get_stub_page(void) ++{ ++ unsigned long ret; ++ ++ asm volatile ( ++ "movl %%esp,%0 ;" ++ "andl %1,%0" ++ : "=a" (ret) ++ : "g" (~(UM_KERN_PAGE_SIZE - 1))); ++ ++ return (void *)ret; ++} + #endif +--- a/arch/x86/um/shared/sysdep/stub_64.h ++++ b/arch/x86/um/shared/sysdep/stub_64.h +@@ -108,4 +108,16 @@ static inline void remap_stack_and_trap( + __syscall_clobber, "r10", "r8", "r9"); + } + ++static __always_inline void *get_stub_page(void) ++{ ++ unsigned long ret; ++ ++ asm volatile ( ++ "movq %%rsp,%0 ;" ++ "andq %1,%0" ++ : "=a" (ret) ++ : "g" (~(UM_KERN_PAGE_SIZE - 1))); ++ ++ return (void *)ret; ++} + #endif +--- a/arch/x86/um/stub_segv.c ++++ b/arch/x86/um/stub_segv.c +@@ -11,9 +11,8 @@ + void __attribute__ ((__section__ (".__syscall_stub"))) + stub_segv_handler(int sig, siginfo_t *info, void *p) + { +- int stack; ++ struct faultinfo *f = get_stub_page(); + ucontext_t *uc = p; +- struct faultinfo *f = (void *)(((unsigned long)&stack) & ~(UM_KERN_PAGE_SIZE - 1)); + + GET_FAULTINFO_FROM_MC(*f, &uc->uc_mcontext); + trap_myself(); diff --git a/queue-5.14/um-virtio_uml-fix-memory-leak-on-init-failures.patch b/queue-5.14/um-virtio_uml-fix-memory-leak-on-init-failures.patch new file mode 100644 index 00000000000..ef62d1b3efc --- /dev/null +++ b/queue-5.14/um-virtio_uml-fix-memory-leak-on-init-failures.patch @@ -0,0 +1,41 @@ +From 7ad28e0df7ee9dbcb793bb88dd81d4d22bb9a10e Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Fri, 25 Jun 2021 10:34:37 +0200 +Subject: um: virtio_uml: fix memory leak on init failures + +From: Johannes Berg + +commit 7ad28e0df7ee9dbcb793bb88dd81d4d22bb9a10e upstream. + +If initialization fails, e.g. because the connection failed, +we leak the 'vu_dev'. Fix that. Reported by smatch. + +Fixes: 5d38f324993f ("um: drivers: Add virtio vhost-user driver") +Signed-off-by: Johannes Berg +Acked-By: Anton Ivanov +Signed-off-by: Richard Weinberger +Signed-off-by: Greg Kroah-Hartman +--- + arch/um/drivers/virtio_uml.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/arch/um/drivers/virtio_uml.c ++++ b/arch/um/drivers/virtio_uml.c +@@ -1139,7 +1139,7 @@ static int virtio_uml_probe(struct platf + rc = os_connect_socket(pdata->socket_path); + } while (rc == -EINTR); + if (rc < 0) +- return rc; ++ goto error_free; + vu_dev->sock = rc; + + spin_lock_init(&vu_dev->sock_lock); +@@ -1160,6 +1160,8 @@ static int virtio_uml_probe(struct platf + + error_init: + os_close_file(vu_dev->sock); ++error_free: ++ kfree(vu_dev); + return rc; + } +