From: Sasha Levin Date: Sun, 25 Sep 2022 14:30:25 +0000 (-0400) Subject: Fixes for 5.4 X-Git-Tag: v4.9.330~44 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=799bb2d601c9f47ece9d5c9499a2d5cd32e30880;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/cifs-always-initialize-struct-msghdr-smb_msg-complet.patch b/queue-5.4/cifs-always-initialize-struct-msghdr-smb_msg-complet.patch new file mode 100644 index 00000000000..20fe2175422 --- /dev/null +++ b/queue-5.4/cifs-always-initialize-struct-msghdr-smb_msg-complet.patch @@ -0,0 +1,87 @@ +From 547a033ddf6213ee46912eace139efca383ca28a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 14 Sep 2022 05:25:47 +0200 +Subject: cifs: always initialize struct msghdr smb_msg completely + +From: Stefan Metzmacher + +[ Upstream commit bedc8f76b3539ac4f952114b316bcc2251e808ce ] + +So far we were just lucky because the uninitialized members +of struct msghdr are not used by default on a SOCK_STREAM tcp +socket. + +But as new things like msg_ubuf and sg_from_iter where added +recently, we should play on the safe side and avoid potention +problems in future. + +Signed-off-by: Stefan Metzmacher +Cc: stable@vger.kernel.org +Reviewed-by: Paulo Alcantara (SUSE) +Reviewed-by: Ronnie Sahlberg +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/connect.c | 7 ++----- + fs/cifs/transport.c | 6 +----- + 2 files changed, 3 insertions(+), 10 deletions(-) + +diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c +index 86bdebd2ece6..f8127edb8973 100644 +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -791,9 +791,6 @@ cifs_readv_from_socket(struct TCP_Server_Info *server, struct msghdr *smb_msg) + int length = 0; + int total_read; + +- smb_msg->msg_control = NULL; +- smb_msg->msg_controllen = 0; +- + for (total_read = 0; msg_data_left(smb_msg); total_read += length) { + try_to_freeze(); + +@@ -844,7 +841,7 @@ int + cifs_read_from_socket(struct TCP_Server_Info *server, char *buf, + unsigned int to_read) + { +- struct msghdr smb_msg; ++ struct msghdr smb_msg = {}; + struct kvec iov = {.iov_base = buf, .iov_len = to_read}; + iov_iter_kvec(&smb_msg.msg_iter, READ, &iov, 1, to_read); + +@@ -855,7 +852,7 @@ int + cifs_read_page_from_socket(struct TCP_Server_Info *server, struct page *page, + unsigned int page_offset, unsigned int to_read) + { +- struct msghdr smb_msg; ++ struct msghdr smb_msg = {}; + struct bio_vec bv = { + .bv_page = page, .bv_len = to_read, .bv_offset = page_offset}; + iov_iter_bvec(&smb_msg.msg_iter, READ, &bv, 1, to_read); +diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c +index 079a4f6162ed..b98ae69edb8f 100644 +--- a/fs/cifs/transport.c ++++ b/fs/cifs/transport.c +@@ -209,10 +209,6 @@ smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg, + + *sent = 0; + +- smb_msg->msg_name = NULL; +- smb_msg->msg_namelen = 0; +- smb_msg->msg_control = NULL; +- smb_msg->msg_controllen = 0; + if (server->noblocksnd) + smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; + else +@@ -324,7 +320,7 @@ __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, + sigset_t mask, oldmask; + size_t total_len = 0, sent, size; + struct socket *ssocket = server->ssocket; +- struct msghdr smb_msg; ++ struct msghdr smb_msg = {}; + int val = 1; + __be32 rfc1002_marker; + +-- +2.35.1 + diff --git a/queue-5.4/drivers-hv-never-allocate-anything-besides-framebuff.patch b/queue-5.4/drivers-hv-never-allocate-anything-besides-framebuff.patch new file mode 100644 index 00000000000..63cc180dc36 --- /dev/null +++ b/queue-5.4/drivers-hv-never-allocate-anything-besides-framebuff.patch @@ -0,0 +1,101 @@ +From e37a864d10d9f2c4a1f69bafeeee34ad4a0fc2ed Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 27 Aug 2022 15:03:45 +0200 +Subject: Drivers: hv: Never allocate anything besides framebuffer from + framebuffer memory region + +From: Vitaly Kuznetsov + +[ Upstream commit f0880e2cb7e1f8039a048fdd01ce45ab77247221 ] + +Passed through PCI device sometimes misbehave on Gen1 VMs when Hyper-V +DRM driver is also loaded. Looking at IOMEM assignment, we can see e.g. + +$ cat /proc/iomem +... +f8000000-fffbffff : PCI Bus 0000:00 + f8000000-fbffffff : 0000:00:08.0 + f8000000-f8001fff : bb8c4f33-2ba2-4808-9f7f-02f3b4da22fe +... +fe0000000-fffffffff : PCI Bus 0000:00 + fe0000000-fe07fffff : bb8c4f33-2ba2-4808-9f7f-02f3b4da22fe + fe0000000-fe07fffff : 2ba2:00:02.0 + fe0000000-fe07fffff : mlx4_core + +the interesting part is the 'f8000000' region as it is actually the +VM's framebuffer: + +$ lspci -v +... +0000:00:08.0 VGA compatible controller: Microsoft Corporation Hyper-V virtual VGA (prog-if 00 [VGA controller]) + Flags: bus master, fast devsel, latency 0, IRQ 11 + Memory at f8000000 (32-bit, non-prefetchable) [size=64M] +... + + hv_vmbus: registering driver hyperv_drm + hyperv_drm 5620e0c7-8062-4dce-aeb7-520c7ef76171: [drm] Synthvid Version major 3, minor 5 + hyperv_drm 0000:00:08.0: vgaarb: deactivate vga console + hyperv_drm 0000:00:08.0: BAR 0: can't reserve [mem 0xf8000000-0xfbffffff] + hyperv_drm 5620e0c7-8062-4dce-aeb7-520c7ef76171: [drm] Cannot request framebuffer, boot fb still active? + +Note: "Cannot request framebuffer" is not a fatal error in +hyperv_setup_gen1() as the code assumes there's some other framebuffer +device there but we actually have some other PCI device (mlx4 in this +case) config space there! + +The problem appears to be that vmbus_allocate_mmio() can use dedicated +framebuffer region to serve any MMIO request from any device. The +semantics one might assume of a parameter named "fb_overlap_ok" +aren't implemented because !fb_overlap_ok essentially has no effect. +The existing semantics are really "prefer_fb_overlap". This patch +implements the expected and needed semantics, which is to not allocate +from the frame buffer space when !fb_overlap_ok. + +Note, Gen2 VMs are usually unaffected by the issue because +framebuffer region is already taken by EFI fb (in case kernel supports +it) but Gen1 VMs may have this region unclaimed by the time Hyper-V PCI +pass-through driver tries allocating MMIO space if Hyper-V DRM/FB drivers +load after it. Devices can be brought up in any sequence so let's +resolve the issue by always ignoring 'fb_mmio' region for non-FB +requests, even if the region is unclaimed. + +Reviewed-by: Michael Kelley +Signed-off-by: Vitaly Kuznetsov +Link: https://lore.kernel.org/r/20220827130345.1320254-4-vkuznets@redhat.com +Signed-off-by: Wei Liu +Signed-off-by: Sasha Levin +--- + drivers/hv/vmbus_drv.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c +index 56918274c48c..d4c5efc6e157 100644 +--- a/drivers/hv/vmbus_drv.c ++++ b/drivers/hv/vmbus_drv.c +@@ -2075,7 +2075,7 @@ int vmbus_allocate_mmio(struct resource **new, struct hv_device *device_obj, + bool fb_overlap_ok) + { + struct resource *iter, *shadow; +- resource_size_t range_min, range_max, start; ++ resource_size_t range_min, range_max, start, end; + const char *dev_n = dev_name(&device_obj->device); + int retval; + +@@ -2110,6 +2110,14 @@ int vmbus_allocate_mmio(struct resource **new, struct hv_device *device_obj, + range_max = iter->end; + start = (range_min + align - 1) & ~(align - 1); + for (; start + size - 1 <= range_max; start += align) { ++ end = start + size - 1; ++ ++ /* Skip the whole fb_mmio region if not fb_overlap_ok */ ++ if (!fb_overlap_ok && fb_mmio && ++ (((start >= fb_mmio->start) && (start <= fb_mmio->end)) || ++ ((end >= fb_mmio->start) && (end <= fb_mmio->end)))) ++ continue; ++ + shadow = __request_region(iter, start, size, NULL, + IORESOURCE_BUSY); + if (!shadow) +-- +2.35.1 + diff --git a/queue-5.4/drm-amd-display-limit-user-regamma-to-a-valid-value.patch b/queue-5.4/drm-amd-display-limit-user-regamma-to-a-valid-value.patch new file mode 100644 index 00000000000..5082891663b --- /dev/null +++ b/queue-5.4/drm-amd-display-limit-user-regamma-to-a-valid-value.patch @@ -0,0 +1,55 @@ +From 7a7e1374e4d97a0e3b41ce67701b929d56f575a1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Aug 2022 18:30:31 +0800 +Subject: drm/amd/display: Limit user regamma to a valid value + +From: Yao Wang1 + +[ Upstream commit 3601d620f22e37740cf73f8278eabf9f2aa19eb7 ] + +[Why] +For HDR mode, we get total 512 tf_point and after switching to SDR mode +we actually get 400 tf_point and the rest of points(401~512) still use +dirty value from HDR mode. We should limit the rest of the points to max +value. + +[How] +Limit the value when coordinates_x.x > 1, just like what we do in +translate_from_linear_space for other re-gamma build paths. + +Tested-by: Daniel Wheeler +Reviewed-by: Krunoslav Kovac +Reviewed-by: Aric Cyr +Acked-by: Pavle Kotarac +Signed-off-by: Yao Wang1 +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/display/modules/color/color_gamma.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/gpu/drm/amd/display/modules/color/color_gamma.c b/drivers/gpu/drm/amd/display/modules/color/color_gamma.c +index e042d8ce05b4..22d105635e33 100644 +--- a/drivers/gpu/drm/amd/display/modules/color/color_gamma.c ++++ b/drivers/gpu/drm/amd/display/modules/color/color_gamma.c +@@ -1486,6 +1486,7 @@ static void interpolate_user_regamma(uint32_t hw_points_num, + struct fixed31_32 lut2; + struct fixed31_32 delta_lut; + struct fixed31_32 delta_index; ++ const struct fixed31_32 one = dc_fixpt_from_int(1); + + i = 0; + /* fixed_pt library has problems handling too small values */ +@@ -1514,6 +1515,9 @@ static void interpolate_user_regamma(uint32_t hw_points_num, + } else + hw_x = coordinates_x[i].x; + ++ if (dc_fixpt_le(one, hw_x)) ++ hw_x = one; ++ + norm_x = dc_fixpt_mul(norm_factor, hw_x); + index = dc_fixpt_floor(norm_x); + if (index < 0 || index > 255) +-- +2.35.1 + diff --git a/queue-5.4/drm-amdgpu-use-dirty-framebuffer-helper.patch b/queue-5.4/drm-amdgpu-use-dirty-framebuffer-helper.patch new file mode 100644 index 00000000000..c0555b53444 --- /dev/null +++ b/queue-5.4/drm-amdgpu-use-dirty-framebuffer-helper.patch @@ -0,0 +1,44 @@ +From 9e8e180bb030915e492d78504f6248a28a5f53bf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Sep 2022 15:01:49 -0400 +Subject: drm/amdgpu: use dirty framebuffer helper + +From: Hamza Mahfooz + +[ Upstream commit 66f99628eb24409cb8feb5061f78283c8b65f820 ] + +Currently, we aren't handling DRM_IOCTL_MODE_DIRTYFB. So, use +drm_atomic_helper_dirtyfb() as the dirty callback in the amdgpu_fb_funcs +struct. + +Signed-off-by: Hamza Mahfooz +Acked-by: Alex Deucher +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c +index b588e0e409e7..d8687868407d 100644 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -495,6 +496,7 @@ bool amdgpu_display_ddc_probe(struct amdgpu_connector *amdgpu_connector, + static const struct drm_framebuffer_funcs amdgpu_fb_funcs = { + .destroy = drm_gem_fb_destroy, + .create_handle = drm_gem_fb_create_handle, ++ .dirty = drm_atomic_helper_dirtyfb, + }; + + uint32_t amdgpu_display_supported_domains(struct amdgpu_device *adev, +-- +2.35.1 + diff --git a/queue-5.4/drm-rockchip-fix-return-type-of-cdn_dp_connector_mod.patch b/queue-5.4/drm-rockchip-fix-return-type-of-cdn_dp_connector_mod.patch new file mode 100644 index 00000000000..790ee3b7590 --- /dev/null +++ b/queue-5.4/drm-rockchip-fix-return-type-of-cdn_dp_connector_mod.patch @@ -0,0 +1,51 @@ +From d8e5767e7c31dda06a1cac9fc597c4e06014dd17 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 13 Sep 2022 13:55:55 -0700 +Subject: drm/rockchip: Fix return type of cdn_dp_connector_mode_valid + +From: Nathan Huckleberry + +[ Upstream commit b0b9408f132623dc88e78adb5282f74e4b64bb57 ] + +The mode_valid field in drm_connector_helper_funcs is expected to be of +type: +enum drm_mode_status (* mode_valid) (struct drm_connector *connector, + struct drm_display_mode *mode); + +The mismatched return type breaks forward edge kCFI since the underlying +function definition does not match the function hook definition. + +The return type of cdn_dp_connector_mode_valid should be changed from +int to enum drm_mode_status. + +Reported-by: Dan Carpenter +Link: https://github.com/ClangBuiltLinux/linux/issues/1703 +Cc: llvm@lists.linux.dev +Signed-off-by: Nathan Huckleberry +Reviewed-by: Nathan Chancellor +Signed-off-by: Heiko Stuebner +Link: https://patchwork.freedesktop.org/patch/msgid/20220913205555.155149-1-nhuck@google.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/rockchip/cdn-dp-core.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/rockchip/cdn-dp-core.c b/drivers/gpu/drm/rockchip/cdn-dp-core.c +index 8f299d76b69b..67dae1354aa6 100644 +--- a/drivers/gpu/drm/rockchip/cdn-dp-core.c ++++ b/drivers/gpu/drm/rockchip/cdn-dp-core.c +@@ -275,8 +275,9 @@ static int cdn_dp_connector_get_modes(struct drm_connector *connector) + return ret; + } + +-static int cdn_dp_connector_mode_valid(struct drm_connector *connector, +- struct drm_display_mode *mode) ++static enum drm_mode_status ++cdn_dp_connector_mode_valid(struct drm_connector *connector, ++ struct drm_display_mode *mode) + { + struct cdn_dp_device *dp = connector_to_dp(connector); + struct drm_display_info *display_info = &dp->connector.display_info; +-- +2.35.1 + diff --git a/queue-5.4/gpio-ixp4xx-make-irqchip-immutable.patch b/queue-5.4/gpio-ixp4xx-make-irqchip-immutable.patch new file mode 100644 index 00000000000..902050cbf49 --- /dev/null +++ b/queue-5.4/gpio-ixp4xx-make-irqchip-immutable.patch @@ -0,0 +1,82 @@ +From f9317d5b6cafbe51db6c781647f15326fa17f2fa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 11 Sep 2022 21:07:51 +0200 +Subject: gpio: ixp4xx: Make irqchip immutable + +From: Linus Walleij + +[ Upstream commit 94e9bc73d85aa6ecfe249e985ff57abe0ab35f34 ] + +This turns the IXP4xx GPIO irqchip into an immutable +irqchip, a bit different from the standard template due +to being hierarchical. + +Tested on the IXP4xx which uses drivers/ata/pata_ixp4xx_cf.c +for a rootfs on compact flash with IRQs from this GPIO +block to the CF ATA controller. + +Cc: Marc Zyngier +Signed-off-by: Linus Walleij +Acked-by: Marc Zyngier +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Sasha Levin +--- + drivers/gpio/gpio-ixp4xx.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpio/gpio-ixp4xx.c b/drivers/gpio/gpio-ixp4xx.c +index b3b050604e0b..6bd047e2ca46 100644 +--- a/drivers/gpio/gpio-ixp4xx.c ++++ b/drivers/gpio/gpio-ixp4xx.c +@@ -67,6 +67,14 @@ static void ixp4xx_gpio_irq_ack(struct irq_data *d) + __raw_writel(BIT(d->hwirq), g->base + IXP4XX_REG_GPIS); + } + ++static void ixp4xx_gpio_mask_irq(struct irq_data *d) ++{ ++ struct gpio_chip *gc = irq_data_get_irq_chip_data(d); ++ ++ irq_chip_mask_parent(d); ++ gpiochip_disable_irq(gc, d->hwirq); ++} ++ + static void ixp4xx_gpio_irq_unmask(struct irq_data *d) + { + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); +@@ -76,6 +84,7 @@ static void ixp4xx_gpio_irq_unmask(struct irq_data *d) + if (!(g->irq_edge & BIT(d->hwirq))) + ixp4xx_gpio_irq_ack(d); + ++ gpiochip_enable_irq(gc, d->hwirq); + irq_chip_unmask_parent(d); + } + +@@ -153,12 +162,14 @@ static int ixp4xx_gpio_irq_set_type(struct irq_data *d, unsigned int type) + return irq_chip_set_type_parent(d, IRQ_TYPE_LEVEL_HIGH); + } + +-static struct irq_chip ixp4xx_gpio_irqchip = { ++static const struct irq_chip ixp4xx_gpio_irqchip = { + .name = "IXP4GPIO", + .irq_ack = ixp4xx_gpio_irq_ack, +- .irq_mask = irq_chip_mask_parent, ++ .irq_mask = ixp4xx_gpio_mask_irq, + .irq_unmask = ixp4xx_gpio_irq_unmask, + .irq_set_type = ixp4xx_gpio_irq_set_type, ++ .flags = IRQCHIP_IMMUTABLE, ++ GPIOCHIP_IRQ_RESOURCE_HELPERS, + }; + + static int ixp4xx_gpio_child_to_parent_hwirq(struct gpio_chip *gc, +@@ -282,7 +293,7 @@ static int ixp4xx_gpio_probe(struct platform_device *pdev) + g->gc.owner = THIS_MODULE; + + girq = &g->gc.irq; +- girq->chip = &ixp4xx_gpio_irqchip; ++ gpio_irq_chip_set_chip(girq, &ixp4xx_gpio_irqchip); + girq->fwnode = g->fwnode; + girq->parent_domain = parent; + girq->child_to_parent_hwirq = ixp4xx_gpio_child_to_parent_hwirq; +-- +2.35.1 + diff --git a/queue-5.4/series b/queue-5.4/series index 7b4006dd69a..6522f66db7e 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -93,3 +93,9 @@ serial-tegra-use-uart_xmit_advance-fixes-icount.tx-accounting.patch serial-tegra-tcu-use-uart_xmit_advance-fixes-icount.tx-accounting.patch s390-dasd-fix-oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup.patch usb-xhci-mtk-fix-issue-of-out-of-bounds-array-access.patch +cifs-always-initialize-struct-msghdr-smb_msg-complet.patch +drivers-hv-never-allocate-anything-besides-framebuff.patch +gpio-ixp4xx-make-irqchip-immutable.patch +drm-amdgpu-use-dirty-framebuffer-helper.patch +drm-amd-display-limit-user-regamma-to-a-valid-value.patch +drm-rockchip-fix-return-type-of-cdn_dp_connector_mod.patch