From: Sasha Levin Date: Sat, 26 Jun 2021 18:32:17 +0000 (-0400) Subject: Fixes for 5.12 X-Git-Tag: v5.12.14~27 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7cc162157942030e6ceef76990b4157d6e842037;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.12 Signed-off-by: Sasha Levin --- diff --git a/queue-5.12/gpiolib-cdev-zero-padding-during-conversion-to-gpiol.patch b/queue-5.12/gpiolib-cdev-zero-padding-during-conversion-to-gpiol.patch new file mode 100644 index 00000000000..1dee9d5eb9d --- /dev/null +++ b/queue-5.12/gpiolib-cdev-zero-padding-during-conversion-to-gpiol.patch 
@@ -0,0 +1,42 @@ +From 01867289d27533ea20534005d4be31a98d1f089a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 21 Jun 2021 15:28:59 -0700 +Subject: gpiolib: cdev: zero padding during conversion to + gpioline_info_changed + +From: Gabriel Knezek + +[ Upstream commit cb8f63b8cbf39845244f3ccae43bb7e63bd70543 ] + +When userspace requests a GPIO v1 line info changed event, +lineinfo_watch_read() populates and returns the gpioline_info_changed +structure. It contains 5 words of padding at the end which are not +initialized before being returned to userspace. + +Zero the structure in gpio_v2_line_info_change_to_v1() before populating +its contents. + +Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL and GPIO_V2_GET_LINEINFO_WATCH_IOCTL") +Signed-off-by: Gabriel Knezek +Reviewed-by: Kent Gibson +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Sasha Levin +--- + drivers/gpio/gpiolib-cdev.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c +index 1631727bf0da..c7b5446d01fd 100644 +--- a/drivers/gpio/gpiolib-cdev.c ++++ b/drivers/gpio/gpiolib-cdev.c +@@ -1880,6 +1880,7 @@ static void gpio_v2_line_info_changed_to_v1( + struct gpio_v2_line_info_changed *lic_v2, + struct gpioline_info_changed *lic_v1) + { ++ memset(lic_v1, 0, sizeof(*lic_v1)); + gpio_v2_line_info_to_v1(&lic_v2->info, &lic_v1->info); + lic_v1->timestamp = lic_v2->timestamp_ns; + lic_v1->event_type = lic_v2->event_type; +-- +2.30.2 + diff --git a/queue-5.12/i2c-i801-ensure-that-smbhststs_inuse_sts-is-cleared-.patch b/queue-5.12/i2c-i801-ensure-that-smbhststs_inuse_sts-is-cleared-.patch new file mode 100644 index 00000000000..0cc521d024e --- /dev/null +++ b/queue-5.12/i2c-i801-ensure-that-smbhststs_inuse_sts-is-cleared-.patch 
@@ -0,0 +1,50 @@ +From fdf5a333e96acd39636f731a41b9e19af3ff86d2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Jun 2021 15:55:55 +0200 +Subject: i2c: i801: Ensure that SMBHSTSTS_INUSE_STS is cleared when leaving + i801_access + +From: Heiner Kallweit + +[ Upstream commit 065b6211a87746e196b56759a70c7851418dd741 ] + +As explained in [0] currently we may leave SMBHSTSTS_INUSE_STS set, +thus potentially breaking ACPI/BIOS usage of the SMBUS device. + +Seems patch [0] needs a little bit more of review effort, therefore +I'd suggest to apply a part of it as quick win. Just clearing +SMBHSTSTS_INUSE_STS when leaving i801_access() should fix the +referenced issue and leaves more time for discussing a more +sophisticated locking handling. + +[0] https://www.spinics.net/lists/linux-i2c/msg51558.html + +Fixes: 01590f361e94 ("i2c: i801: Instantiate SPD EEPROMs automatically") +Suggested-by: Hector Martin +Signed-off-by: Heiner Kallweit +Reviewed-by: Hector Martin +Reviewed-by: Jean Delvare +Tested-by: Jean Delvare +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-i801.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c +index f9e1c2ceaac0..04a1e38f2a6f 100644 +--- a/drivers/i2c/busses/i2c-i801.c ++++ b/drivers/i2c/busses/i2c-i801.c +@@ -978,6 +978,9 @@ static s32 i801_access(struct i2c_adapter *adap, u16 addr, + } + + out: ++ /* Unlock the SMBus device for use by BIOS/ACPI */ ++ outb_p(SMBHSTSTS_INUSE_STS, SMBHSTSTS(priv)); ++ + pm_runtime_mark_last_busy(&priv->pci_dev->dev); + pm_runtime_put_autosuspend(&priv->pci_dev->dev); + mutex_unlock(&priv->acpi_lock); +-- +2.30.2 + diff --git a/queue-5.12/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch b/queue-5.12/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch new file mode 100644 index 00000000000..b1ca123e725 --- /dev/null 
+++ b/queue-5.12/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch 
@@ -0,0 +1,59 @@ +From cfefdae722e887996ab65c58aaad78f104cf75b5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 24 Jun 2021 18:39:33 -0700 +Subject: nilfs2: fix memory leak in nilfs_sysfs_delete_device_group + +From: Pavel Skripkin + +[ Upstream commit 8fd0c1b0647a6bda4067ee0cd61e8395954b6f28 ] + +My local syzbot instance hit memory leak in nilfs2. The problem was in +missing kobject_put() in nilfs_sysfs_delete_device_group(). + +kobject_del() does not call kobject_cleanup() for passed kobject and it +leads to leaking duped kobject name if kobject_put() was not called. + +Fail log: + + BUG: memory leak + unreferenced object 0xffff8880596171e0 (size 8): + comm "syz-executor379", pid 8381, jiffies 4294980258 (age 21.100s) + hex dump (first 8 bytes): + 6c 6f 6f 70 30 00 00 00 loop0... + backtrace: + kstrdup+0x36/0x70 mm/util.c:60 + kstrdup_const+0x53/0x80 mm/util.c:83 + kvasprintf_const+0x108/0x190 lib/kasprintf.c:48 + kobject_set_name_vargs+0x56/0x150 lib/kobject.c:289 + kobject_add_varg lib/kobject.c:384 [inline] + kobject_init_and_add+0xc9/0x160 lib/kobject.c:473 + nilfs_sysfs_create_device_group+0x150/0x800 fs/nilfs2/sysfs.c:999 + init_nilfs+0xe26/0x12b0 fs/nilfs2/the_nilfs.c:637 + +Link: https://lkml.kernel.org/r/20210612140559.20022-1-paskripkin@gmail.com +Fixes: da7141fb78db ("nilfs2: add /sys/fs/nilfs2/ group") +Signed-off-by: Pavel Skripkin +Acked-by: Ryusuke Konishi +Cc: Michael L. 
Semon +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/nilfs2/sysfs.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c +index 303d71430bdd..9c6c0e2e5880 100644 +--- a/fs/nilfs2/sysfs.c ++++ b/fs/nilfs2/sysfs.c +@@ -1053,6 +1053,7 @@ void nilfs_sysfs_delete_device_group(struct the_nilfs *nilfs) + nilfs_sysfs_delete_superblock_group(nilfs); + nilfs_sysfs_delete_segctor_group(nilfs); + kobject_del(&nilfs->ns_dev_kobj); ++ kobject_put(&nilfs->ns_dev_kobj); + kfree(nilfs->ns_dev_subgroups); + } + +-- +2.30.2 + diff --git a/queue-5.12/pinctrl-microchip-sgpio-put-fwnode-in-error-case-dur.patch b/queue-5.12/pinctrl-microchip-sgpio-put-fwnode-in-error-case-dur.patch new file mode 100644 index 00000000000..ce8b08203c0 --- /dev/null +++ b/queue-5.12/pinctrl-microchip-sgpio-put-fwnode-in-error-case-dur.patch 
@@ -0,0 +1,41 @@ +From 1677bdb8aba4618cab8cce9eb74374d77678017e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Jun 2021 22:19:40 +0300 +Subject: pinctrl: microchip-sgpio: Put fwnode in error case during ->probe() + +From: Andy Shevchenko + +[ Upstream commit 76b7f8fae30a9249f820e019f1e62eca992751a2 ] + +device_for_each_child_node() bumps a reference counting of a returned variable. +We have to balance it whenever we return to the caller. + +Fixes: 7e5ea974e61c ("pinctrl: pinctrl-microchip-sgpio: Add pinctrl driver for Microsemi Serial GPIO") +Cc: Lars Povlsen +Signed-off-by: Andy Shevchenko +Link: https://lore.kernel.org/r/20210606191940.29312-1-andy.shevchenko@gmail.com +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +--- + drivers/pinctrl/pinctrl-microchip-sgpio.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/pinctrl/pinctrl-microchip-sgpio.c b/drivers/pinctrl/pinctrl-microchip-sgpio.c +index c12fa57ebd12..165cb7a59715 100644 +--- a/drivers/pinctrl/pinctrl-microchip-sgpio.c ++++ b/drivers/pinctrl/pinctrl-microchip-sgpio.c +@@ -845,8 +845,10 @@ static int microchip_sgpio_probe(struct platform_device *pdev) + i = 0; + device_for_each_child_node(dev, fwnode) { + ret = microchip_sgpio_register_bank(dev, priv, fwnode, i++); +- if (ret) ++ if (ret) { ++ fwnode_handle_put(fwnode); + return ret; ++ } + } + + if (priv->in.gpio.ngpio != priv->out.gpio.ngpio) { +-- +2.30.2 + diff --git a/queue-5.12/pinctrl-stm32-fix-the-reported-number-of-gpio-lines-.patch b/queue-5.12/pinctrl-stm32-fix-the-reported-number-of-gpio-lines-.patch new file mode 100644 index 00000000000..5c7e1a613e6 --- /dev/null +++ b/queue-5.12/pinctrl-stm32-fix-the-reported-number-of-gpio-lines-.patch 
@@ -0,0 +1,56 @@ +From 6b86c2fa668f18511d6ad219eae113b6a1b4c1a1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 17 Jun 2021 16:46:29 +0200 +Subject: pinctrl: stm32: fix the reported number of GPIO lines per bank + +From: Fabien Dessenne + +[ Upstream commit 67e2996f72c71ebe4ac2fcbcf77e54479bb7aa11 ] + +Each GPIO bank supports a variable number of lines which is usually 16, but +is less in some cases : this is specified by the last argument of the +"gpio-ranges" bank node property. +Report to the framework, the actual number of lines, so the libgpiod +gpioinfo command lists the actually existing GPIO lines. + +Fixes: 1dc9d289154b ("pinctrl: stm32: add possibility to use gpio-ranges to declare bank range") +Signed-off-by: Fabien Dessenne +Link: https://lore.kernel.org/r/20210617144629.2557693-1-fabien.dessenne@foss.st.com +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +--- + drivers/pinctrl/stm32/pinctrl-stm32.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c +index 7d9bdedcd71b..3af4430543dc 100644 +--- a/drivers/pinctrl/stm32/pinctrl-stm32.c ++++ b/drivers/pinctrl/stm32/pinctrl-stm32.c +@@ -1229,7 +1229,7 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, + struct device *dev = pctl->dev; + struct resource res; + int npins = STM32_GPIO_PINS_PER_BANK; +- int bank_nr, err; ++ int bank_nr, err, i = 0; + + if (!IS_ERR(bank->rstc)) + reset_control_deassert(bank->rstc); +@@ -1251,9 +1251,14 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, + + of_property_read_string(np, "st,bank-name", &bank->gpio_chip.label); + +- if (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, 0, &args)) { ++ if (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, i, &args)) { + bank_nr = args.args[1] / STM32_GPIO_PINS_PER_BANK; + bank->gpio_chip.base = args.args[1]; ++ ++ npins = args.args[2]; ++ while 
(!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, ++ ++i, &args)) ++ npins += args.args[2]; + } else { + bank_nr = pctl->nbanks; + bank->gpio_chip.base = bank_nr * STM32_GPIO_PINS_PER_BANK; +-- +2.30.2 + diff --git a/queue-5.12/scsi-sd-call-sd_revalidate_disk-for-ioctl-blkrrpart.patch b/queue-5.12/scsi-sd-call-sd_revalidate_disk-for-ioctl-blkrrpart.patch new file mode 100644 index 00000000000..b14b90c3e31 --- /dev/null +++ b/queue-5.12/scsi-sd-call-sd_revalidate_disk-for-ioctl-blkrrpart.patch 
@@ -0,0 +1,67 @@ +From 110bfd621f45b71e49eb8f2f6d16d9dd12029dec Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 17 Jun 2021 13:55:04 +0200 +Subject: scsi: sd: Call sd_revalidate_disk() for ioctl(BLKRRPART) + +From: Christoph Hellwig + +[ Upstream commit d1b7f92035c6fb42529ada531e2cbf3534544c82 ] + +While the disk state has nothing to do with partitions, BLKRRPART is used +to force a full revalidate after things like a disk format for historical +reasons. Restore that behavior. + +Link: https://lore.kernel.org/r/20210617115504.1732350-1-hch@lst.de +Fixes: 471bd0af544b ("sd: use bdev_check_media_change") +Reported-by: Xiang Chen +Tested-by: Xiang Chen +Signed-off-by: Christoph Hellwig +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/sd.c | 22 ++++++++++++++++++---- + 1 file changed, 18 insertions(+), 4 deletions(-) + +diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c +index ed0b1bb99f08..a0356f3707b8 100644 +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -1387,6 +1387,22 @@ static void sd_uninit_command(struct scsi_cmnd *SCpnt) + } + } + ++static bool sd_need_revalidate(struct block_device *bdev, ++ struct scsi_disk *sdkp) ++{ ++ if (sdkp->device->removable || sdkp->write_prot) { ++ if (bdev_check_media_change(bdev)) ++ return true; ++ } ++ ++ /* ++ * Force a full rescan after ioctl(BLKRRPART). While the disk state has ++ * nothing to do with partitions, BLKRRPART is used to force a full ++ * revalidate after things like a format for historical reasons. 
++ */ ++ return test_bit(GD_NEED_PART_SCAN, &bdev->bd_disk->state); ++} ++ + /** + * sd_open - open a scsi disk device + * @bdev: Block device of the scsi disk to open +@@ -1423,10 +1439,8 @@ static int sd_open(struct block_device *bdev, fmode_t mode) + if (!scsi_block_when_processing_errors(sdev)) + goto error_out; + +- if (sdev->removable || sdkp->write_prot) { +- if (bdev_check_media_change(bdev)) +- sd_revalidate_disk(bdev->bd_disk); +- } ++ if (sd_need_revalidate(bdev, sdkp)) ++ sd_revalidate_disk(bdev->bd_disk); + + /* + * If the drive is empty, just let the open fail. +-- +2.30.2 + diff --git a/queue-5.12/series b/queue-5.12/series index ffec29c423c..7b9a96441cb 100644 --- a/queue-5.12/series +++ b/queue-5.12/series @@ -59,3 +59,10 @@ net-ll_temac-add-memory-barriers-for-tx-bd-access.patch net-ll_temac-avoid-ndo_start_xmit-returning-netdev_t.patch riscv-dts-fu740-fix-cache-controller-interrupts.patch perf-x86-track-pmu-in-per-cpu-cpu_hw_events.patch +pinctrl-microchip-sgpio-put-fwnode-in-error-case-dur.patch +pinctrl-stm32-fix-the-reported-number-of-gpio-lines-.patch +i2c-i801-ensure-that-smbhststs_inuse_sts-is-cleared-.patch +gpiolib-cdev-zero-padding-during-conversion-to-gpiol.patch +scsi-sd-call-sd_revalidate_disk-for-ioctl-blkrrpart.patch +software-node-handle-software-node-injection-to-an-e.patch +nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch diff --git a/queue-5.12/software-node-handle-software-node-injection-to-an-e.patch b/queue-5.12/software-node-handle-software-node-injection-to-an-e.patch new file mode 100644 index 00000000000..99bb172b6ca --- /dev/null +++ b/queue-5.12/software-node-handle-software-node-injection-to-an-e.patch 
@@ -0,0 +1,75 @@ +From dd41e14b5574cc25ce54b79fb587b72ac97daa86 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 23 Jun 2021 16:14:21 +0300 +Subject: software node: Handle software node injection to an existing device + properly + +From: Heikki Krogerus + +[ Upstream commit 5dca69e26fe97f17d4a6cbd6872103c868577b14 ] + +The function software_node_notify() - the function that creates +and removes the symlinks between the node and the device - was +called unconditionally in device_add_software_node() and +device_remove_software_node(), but it needs to be called in +those functions only in the special case where the node is +added to a device that has already been registered. + +This fixes NULL pointer dereference that happens if +device_remove_software_node() is used with device that was +never registered. + +Fixes: b622b24519f5 ("software node: Allow node addition to already existing device") +Reported-and-tested-by: Dominik Brodowski +Reviewed-by: Andy Shevchenko +Signed-off-by: Heikki Krogerus +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +--- + drivers/base/swnode.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/drivers/base/swnode.c b/drivers/base/swnode.c +index 88310ac9ce90..62c536f9d925 100644 +--- a/drivers/base/swnode.c ++++ b/drivers/base/swnode.c +@@ -1032,7 +1032,15 @@ int device_add_software_node(struct device *dev, const struct software_node *nod + } + + set_secondary_fwnode(dev, &swnode->fwnode); +- software_node_notify(dev, KOBJ_ADD); ++ ++ /* ++ * If the device has been fully registered by the time this function is ++ * called, software_node_notify() must be called separately so that the ++ * symlinks get created and the reference count of the node is kept in ++ * balance. 
++ */ ++ if (device_is_registered(dev)) ++ software_node_notify(dev, KOBJ_ADD); + + return 0; + } +@@ -1052,7 +1060,8 @@ void device_remove_software_node(struct device *dev) + if (!swnode) + return; + +- software_node_notify(dev, KOBJ_REMOVE); ++ if (device_is_registered(dev)) ++ software_node_notify(dev, KOBJ_REMOVE); + set_secondary_fwnode(dev, NULL); + kobject_put(&swnode->kobj); + } +@@ -1106,8 +1115,7 @@ int software_node_notify(struct device *dev, unsigned long action) + + switch (action) { + case KOBJ_ADD: +- ret = sysfs_create_link_nowarn(&dev->kobj, &swnode->kobj, +- "software_node"); ++ ret = sysfs_create_link(&dev->kobj, &swnode->kobj, "software_node"); + if (ret) + break; + +-- +2.30.2 +
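
Review bot: in drivers/gpio/gpiolib-cdev.c, the added memset(lic_v1, 0, sizeof(*lic_v1)) in gpio_v2_line_info_changed_to_v1() carries no comment saying why it is there, and the commit message names the function as gpio_v2_line_info_change_to_v1() (missing the "d"). The message says the structure goes back to userspace with 5 words of uninitialized padding, so a one-line comment above the memset stating that it clears the padding before the structure is returned to userspace would stop a later cleanup from dropping it as redundant with the field assignments that follow.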
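
Review bot: in drivers/i2c/busses/i2c-i801.c, the comment on the new write at the out: label calls it an unlock, while the code writes SMBHSTSTS_INUSE_STS to SMBHSTSTS(priv) and the commit message speaks of clearing that bit; the comment should say that writing the bit is what clears it, since "outb_p(SMBHSTSTS_INUSE_STS, ...)" otherwise reads like setting it. Placing the write before mutex_unlock(&priv->acpi_lock) is the right order. It is also worth confirming that every jump to out: comes from a point where the driver may own the bit, because the write now runs on all of them.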
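
Review bot: in fs/nilfs2/sysfs.c, the added kobject_put(&nilfs->ns_dev_kobj) runs before kfree(nilfs->ns_dev_subgroups), and dropping the last reference invokes the kobject's release callback. Please confirm that the release for ns_dev_kobj neither frees nor touches anything in *nilfs that the kfree on the next line, or the caller afterwards, still uses; if it does, the put belongs on the last line of nilfs_sysfs_delete_device_group().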
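
Review bot: in drivers/pinctrl/stm32/pinctrl-stm32.c, the second hunk adds args.args[2] from every "gpio-ranges" entry into npins with no upper bound, so a device tree whose counts sum to more than STM32_GPIO_PINS_PER_BANK produces a bank larger than the value npins was initialized with. A check after the while loop that rejects or clamps npins above STM32_GPIO_PINS_PER_BANK would keep a malformed node from reaching the framework. bank_nr and bank->gpio_chip.base are still taken from the first entry only, which assumes the entries are ordered and contiguous; a comment should state that assumption. The loop counter i is initialized in the declaration block of the first hunk, far from its use; initializing it next to the first of_parse_phandle_with_fixed_args() call would read better.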
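
Review bot: in drivers/scsi/sd.c, the new sd_need_revalidate() is named like a pure predicate but calls bdev_check_media_change(bdev), and it has no kernel-doc while sd_open() directly below it does. A short header comment stating what a true return means, and that the media-change check is performed as part of the call, would make the contract clear to the next caller. The helper only tests GD_NEED_PART_SCAN with test_bit() and never clears it, so the comment should also say where the bit is expected to be cleared; otherwise every later sd_open() would trigger sd_revalidate_disk() again.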
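
Review bot: in drivers/base/swnode.c, the last hunk replaces sysfs_create_link_nowarn() with sysfs_create_link() in software_node_notify(), and the commit message does not mention this change. If the "software_node" link can no longer already exist now that both callers are guarded by device_is_registered(dev), the message should say so; if it still can, the switch turns a previously silent case into a warning and deserves its own justification or its own patch. The guard added in device_remove_software_node() also has no comment, unlike the matching one in device_add_software_node(); a one-line note there that the removal notification for an unregistered device is skipped on purpose would keep the two functions symmetric for readers.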