From: Sasha Levin Date: Fri, 11 Oct 2024 19:35:16 +0000 (-0400) Subject: Fixes for 4.19 X-Git-Tag: v5.10.227~72 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=90fd00ec9671038a0d9e3cb76d90c7810d3c7eab;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.19 Signed-off-by: Sasha Levin --- diff --git a/queue-4.19/bpf-check-percpu-map-value-size-first.patch b/queue-4.19/bpf-check-percpu-map-value-size-first.patch new file mode 100644 index 00000000000..5e9bf20f455 --- /dev/null +++ b/queue-4.19/bpf-check-percpu-map-value-size-first.patch @@ -0,0 +1,59 @@ +From ea1732ed7c22b7897299039457007b7095cb6ff3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Sep 2024 22:41:10 +0800 +Subject: bpf: Check percpu map value size first + +From: Tao Chen + +[ Upstream commit 1d244784be6b01162b732a5a7d637dfc024c3203 ] + +Percpu map is often used, but the map value size limit often ignored, +like issue: https://github.com/iovisor/bcc/issues/2519. Actually, +percpu map value size is bound by PCPU_MIN_UNIT_SIZE, so we +can check the value size whether it exceeds PCPU_MIN_UNIT_SIZE first, +like percpu map of local_storage. Maybe the error message seems clearer +compared with "cannot allocate memory". + +Signed-off-by: Jinke Han +Signed-off-by: Tao Chen +Signed-off-by: Andrii Nakryiko +Acked-by: Jiri Olsa +Acked-by: Andrii Nakryiko +Link: https://lore.kernel.org/bpf/20240910144111.1464912-2-chen.dylane@gmail.com +Signed-off-by: Sasha Levin +--- + kernel/bpf/arraymap.c | 3 +++ + kernel/bpf/hashtab.c | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c +index 44f53c06629e2..03e244b11f5a0 100644 +--- a/kernel/bpf/arraymap.c ++++ b/kernel/bpf/arraymap.c +@@ -71,6 +71,9 @@ int array_map_alloc_check(union bpf_attr *attr) + * access the elements. + */ + return -E2BIG; ++ /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ ++ if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) ++ return -E2BIG; + + return 0; + } +diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c +index 16081d8384bfc..bca3287030460 100644 +--- a/kernel/bpf/hashtab.c ++++ b/kernel/bpf/hashtab.c +@@ -291,6 +291,9 @@ static int htab_map_alloc_check(union bpf_attr *attr) + * kmalloc-able later in htab_map_update_elem() + */ + return -E2BIG; ++ /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ ++ if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) ++ return -E2BIG; + + return 0; + } +-- +2.43.0 + diff --git a/queue-4.19/clk-bcm-bcm53573-fix-of-node-leak-in-init.patch b/queue-4.19/clk-bcm-bcm53573-fix-of-node-leak-in-init.patch new file mode 100644 index 00000000000..e65384e544c --- /dev/null +++ b/queue-4.19/clk-bcm-bcm53573-fix-of-node-leak-in-init.patch @@ -0,0 +1,39 @@ +From 8981cecfc21f453cf725edf8e710f70ac1da5760 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 26 Aug 2024 08:58:01 +0200 +Subject: clk: bcm: bcm53573: fix OF node leak in init + +From: Krzysztof Kozlowski + +[ Upstream commit f92d67e23b8caa81f6322a2bad1d633b00ca000e ] + +Driver code is leaking OF node reference from of_get_parent() in +bcm53573_ilp_init(). Usage of of_get_parent() is not needed in the +first place, because the parent node will not be freed while we are +processing given node (triggered by CLK_OF_DECLARE()). Thus fix the +leak by accessing parent directly, instead of of_get_parent(). + +Signed-off-by: Krzysztof Kozlowski +Link: https://lore.kernel.org/r/20240826065801.17081-1-krzysztof.kozlowski@linaro.org +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +--- + drivers/clk/bcm/clk-bcm53573-ilp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/clk/bcm/clk-bcm53573-ilp.c b/drivers/clk/bcm/clk-bcm53573-ilp.c +index 36eb3716ffb00..3bc6837f844db 100644 +--- a/drivers/clk/bcm/clk-bcm53573-ilp.c ++++ b/drivers/clk/bcm/clk-bcm53573-ilp.c +@@ -115,7 +115,7 @@ static void bcm53573_ilp_init(struct device_node *np) + goto err_free_ilp; + } + +- ilp->regmap = syscon_node_to_regmap(of_get_parent(np)); ++ ilp->regmap = syscon_node_to_regmap(np->parent); + if (IS_ERR(ilp->regmap)) { + err = PTR_ERR(ilp->regmap); + goto err_free_ilp; +-- +2.43.0 + diff --git a/queue-4.19/driver-core-bus-return-eio-instead-of-0-when-show-st.patch b/queue-4.19/driver-core-bus-return-eio-instead-of-0-when-show-st.patch new file mode 100644 index 00000000000..c8e29a49630 --- /dev/null +++ b/queue-4.19/driver-core-bus-return-eio-instead-of-0-when-show-st.patch @@ -0,0 +1,49 @@ +From d378cd87f6cff8c7da216c60ba9f4d265a968a99 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Jul 2024 21:54:48 +0800 +Subject: driver core: bus: Return -EIO instead of 0 when show/store invalid + bus attribute + +From: Zijun Hu + +[ Upstream commit c0fd973c108cdc22a384854bc4b3e288a9717bb2 ] + +Return -EIO instead of 0 for below erroneous bus attribute operations: + - read a bus attribute without show(). + - write a bus attribute without store(). + +Signed-off-by: Zijun Hu +Link: https://lore.kernel.org/r/20240724-bus_fix-v2-1-5adbafc698fb@quicinc.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/base/bus.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/base/bus.c b/drivers/base/bus.c +index e06a57936cc96..aad13af4175b8 100644 +--- a/drivers/base/bus.c ++++ b/drivers/base/bus.c +@@ -103,7 +103,8 @@ static ssize_t bus_attr_show(struct kobject *kobj, struct attribute *attr, + { + struct bus_attribute *bus_attr = to_bus_attr(attr); + struct subsys_private *subsys_priv = to_subsys_private(kobj); +- ssize_t ret = 0; ++ /* return -EIO for reading a bus attribute without show() */ ++ ssize_t ret = -EIO; + + if (bus_attr->show) + ret = bus_attr->show(subsys_priv->bus, buf); +@@ -115,7 +116,8 @@ static ssize_t bus_attr_store(struct kobject *kobj, struct attribute *attr, + { + struct bus_attribute *bus_attr = to_bus_attr(attr); + struct subsys_private *subsys_priv = to_subsys_private(kobj); +- ssize_t ret = 0; ++ /* return -EIO for writing a bus attribute without store() */ ++ ssize_t ret = -EIO; + + if (bus_attr->store) + ret = bus_attr->store(subsys_priv->bus, buf, count); +-- +2.43.0 + diff --git a/queue-4.19/ext4-nested-locking-for-xattr-inode.patch b/queue-4.19/ext4-nested-locking-for-xattr-inode.patch new file mode 100644 index 00000000000..2dc88d1c5ec --- /dev/null +++ b/queue-4.19/ext4-nested-locking-for-xattr-inode.patch @@ -0,0 +1,189 @@ +From 2c423aa0050c65a60cb3d1ea7f2da019f754f518 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 1 Aug 2024 16:38:27 +0200 +Subject: ext4: nested locking for xattr inode +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Wojciech Gładysz + +[ Upstream commit d1bc560e9a9c78d0b2314692847fc8661e0aeb99 ] + +Add nested locking with I_MUTEX_XATTR subclass to avoid lockdep warning +while handling xattr inode on file open syscall at ext4_xattr_inode_iget. + +Backtrace +EXT4-fs (loop0): Ignoring removed oldalloc option +====================================================== +WARNING: possible circular locking dependency detected +5.10.0-syzkaller #0 Not tainted +------------------------------------------------------ +syz-executor543/2794 is trying to acquire lock: +ffff8880215e1a48 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:782 [inline] +ffff8880215e1a48 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425 + +but task is already holding lock: +ffff8880215e3278 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x136d/0x19c0 fs/ext4/inode.c:5559 + +which lock already depends on the new lock. + +the existing dependency chain (in reverse order) is: + +-> #1 (&ei->i_data_sem/3){++++}-{3:3}: + lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566 + down_write+0x93/0x180 kernel/locking/rwsem.c:1564 + ext4_update_i_disksize fs/ext4/ext4.h:3267 [inline] + ext4_xattr_inode_write fs/ext4/xattr.c:1390 [inline] + ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1538 [inline] + ext4_xattr_set_entry+0x331a/0x3d80 fs/ext4/xattr.c:1662 + ext4_xattr_ibody_set+0x124/0x390 fs/ext4/xattr.c:2228 + ext4_xattr_set_handle+0xc27/0x14e0 fs/ext4/xattr.c:2385 + ext4_xattr_set+0x219/0x390 fs/ext4/xattr.c:2498 + ext4_xattr_user_set+0xc9/0xf0 fs/ext4/xattr_user.c:40 + __vfs_setxattr+0x404/0x450 fs/xattr.c:177 + __vfs_setxattr_noperm+0x11d/0x4f0 fs/xattr.c:208 + __vfs_setxattr_locked+0x1f9/0x210 fs/xattr.c:266 + vfs_setxattr+0x112/0x2c0 fs/xattr.c:283 + setxattr+0x1db/0x3e0 fs/xattr.c:548 + path_setxattr+0x15a/0x240 fs/xattr.c:567 + __do_sys_setxattr fs/xattr.c:582 [inline] + __se_sys_setxattr fs/xattr.c:578 [inline] + __x64_sys_setxattr+0xc5/0xe0 fs/xattr.c:578 + do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62 + entry_SYSCALL_64_after_hwframe+0x61/0xcb + +-> #0 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}: + check_prev_add kernel/locking/lockdep.c:2988 [inline] + check_prevs_add kernel/locking/lockdep.c:3113 [inline] + validate_chain+0x1695/0x58f0 kernel/locking/lockdep.c:3729 + __lock_acquire+0x12fd/0x20d0 kernel/locking/lockdep.c:4955 + lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566 + down_write+0x93/0x180 kernel/locking/rwsem.c:1564 + inode_lock include/linux/fs.h:782 [inline] + ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425 + ext4_xattr_inode_get+0x138/0x410 fs/ext4/xattr.c:485 + ext4_xattr_move_to_block fs/ext4/xattr.c:2580 [inline] + ext4_xattr_make_inode_space fs/ext4/xattr.c:2682 [inline] + ext4_expand_extra_isize_ea+0xe70/0x1bb0 fs/ext4/xattr.c:2774 + __ext4_expand_extra_isize+0x304/0x3f0 fs/ext4/inode.c:5898 + ext4_try_to_expand_extra_isize fs/ext4/inode.c:5941 [inline] + __ext4_mark_inode_dirty+0x591/0x810 fs/ext4/inode.c:6018 + ext4_setattr+0x1400/0x19c0 fs/ext4/inode.c:5562 + notify_change+0xbb6/0xe60 fs/attr.c:435 + do_truncate+0x1de/0x2c0 fs/open.c:64 + handle_truncate fs/namei.c:2970 [inline] + do_open fs/namei.c:3311 [inline] + path_openat+0x29f3/0x3290 fs/namei.c:3425 + do_filp_open+0x20b/0x450 fs/namei.c:3452 + do_sys_openat2+0x124/0x460 fs/open.c:1207 + do_sys_open fs/open.c:1223 [inline] + __do_sys_open fs/open.c:1231 [inline] + __se_sys_open fs/open.c:1227 [inline] + __x64_sys_open+0x221/0x270 fs/open.c:1227 + do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62 + entry_SYSCALL_64_after_hwframe+0x61/0xcb + +other info that might help us debug this: + + Possible unsafe locking scenario: + + CPU0 CPU1 + ---- ---- + lock(&ei->i_data_sem/3); + lock(&ea_inode->i_rwsem#7/1); + lock(&ei->i_data_sem/3); + lock(&ea_inode->i_rwsem#7/1); + + *** DEADLOCK *** + +5 locks held by syz-executor543/2794: + #0: ffff888026fbc448 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x4a/0x2a0 fs/namespace.c:365 + #1: ffff8880215e3488 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: inode_lock include/linux/fs.h:782 [inline] + #1: ffff8880215e3488 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: do_truncate+0x1cf/0x2c0 fs/open.c:62 + #2: ffff8880215e3310 (&ei->i_mmap_sem){++++}-{3:3}, at: ext4_setattr+0xec4/0x19c0 fs/ext4/inode.c:5519 + #3: ffff8880215e3278 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x136d/0x19c0 fs/ext4/inode.c:5559 + #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_trylock_xattr fs/ext4/xattr.h:162 [inline] + #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_to_expand_extra_isize fs/ext4/inode.c:5938 [inline] + #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x4fb/0x810 fs/ext4/inode.c:6018 + +stack backtrace: +CPU: 1 PID: 2794 Comm: syz-executor543 Not tainted 5.10.0-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 +Call Trace: + __dump_stack lib/dump_stack.c:77 [inline] + dump_stack+0x177/0x211 lib/dump_stack.c:118 + print_circular_bug+0x146/0x1b0 kernel/locking/lockdep.c:2002 + check_noncircular+0x2cc/0x390 kernel/locking/lockdep.c:2123 + check_prev_add kernel/locking/lockdep.c:2988 [inline] + check_prevs_add kernel/locking/lockdep.c:3113 [inline] + validate_chain+0x1695/0x58f0 kernel/locking/lockdep.c:3729 + __lock_acquire+0x12fd/0x20d0 kernel/locking/lockdep.c:4955 + lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566 + down_write+0x93/0x180 kernel/locking/rwsem.c:1564 + inode_lock include/linux/fs.h:782 [inline] + ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425 + ext4_xattr_inode_get+0x138/0x410 fs/ext4/xattr.c:485 + ext4_xattr_move_to_block fs/ext4/xattr.c:2580 [inline] + ext4_xattr_make_inode_space fs/ext4/xattr.c:2682 [inline] + ext4_expand_extra_isize_ea+0xe70/0x1bb0 fs/ext4/xattr.c:2774 + __ext4_expand_extra_isize+0x304/0x3f0 fs/ext4/inode.c:5898 + ext4_try_to_expand_extra_isize fs/ext4/inode.c:5941 [inline] + __ext4_mark_inode_dirty+0x591/0x810 fs/ext4/inode.c:6018 + ext4_setattr+0x1400/0x19c0 fs/ext4/inode.c:5562 + notify_change+0xbb6/0xe60 fs/attr.c:435 + do_truncate+0x1de/0x2c0 fs/open.c:64 + handle_truncate fs/namei.c:2970 [inline] + do_open fs/namei.c:3311 [inline] + path_openat+0x29f3/0x3290 fs/namei.c:3425 + do_filp_open+0x20b/0x450 fs/namei.c:3452 + do_sys_openat2+0x124/0x460 fs/open.c:1207 + do_sys_open fs/open.c:1223 [inline] + __do_sys_open fs/open.c:1231 [inline] + __se_sys_open fs/open.c:1227 [inline] + __x64_sys_open+0x221/0x270 fs/open.c:1227 + do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62 + entry_SYSCALL_64_after_hwframe+0x61/0xcb +RIP: 0033:0x7f0cde4ea229 +Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 +RSP: 002b:00007ffd81d1c978 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 +RAX: ffffffffffffffda RBX: 0030656c69662f30 RCX: 00007f0cde4ea229 +RDX: 0000000000000089 RSI: 00000000000a0a00 RDI: 00000000200001c0 +RBP: 2f30656c69662f2e R08: 0000000000208000 R09: 0000000000208000 +R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd81d1c9c0 +R13: 00007ffd81d1ca00 R14: 0000000000080000 R15: 0000000000000003 +EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2730: inode #13: comm syz-executor543: corrupted in-inode xattr + +Signed-off-by: Wojciech Gładysz +Link: https://patch.msgid.link/20240801143827.19135-1-wojciech.gladysz@infogain.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +--- + fs/ext4/xattr.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c +index e9299f769dbfe..4e8cd5dde186c 100644 +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -437,7 +437,7 @@ static int ext4_xattr_inode_iget(struct inode *parent, unsigned long ea_ino, + ext4_set_inode_state(inode, EXT4_STATE_LUSTRE_EA_INODE); + ext4_xattr_inode_set_ref(inode, 1); + } else { +- inode_lock(inode); ++ inode_lock_nested(inode, I_MUTEX_XATTR); + inode->i_flags |= S_NOQUOTA; + inode_unlock(inode); + } +@@ -1053,7 +1053,7 @@ static int ext4_xattr_inode_update_ref(handle_t *handle, struct inode *ea_inode, + s64 ref_count; + int ret; + +- inode_lock(ea_inode); ++ inode_lock_nested(ea_inode, I_MUTEX_XATTR); + + ret = ext4_reserve_inode_write(handle, ea_inode, &iloc); + if (ret) { +-- +2.43.0 + diff --git a/queue-4.19/fbdev-sisfb-fix-strbuf-array-overflow.patch b/queue-4.19/fbdev-sisfb-fix-strbuf-array-overflow.patch new file mode 100644 index 00000000000..223b86b55f8 --- /dev/null +++ b/queue-4.19/fbdev-sisfb-fix-strbuf-array-overflow.patch @@ -0,0 +1,42 @@ +From 6169f61f02dd06568195b396421be095552674c9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Sep 2024 22:34:24 +0300 +Subject: fbdev: sisfb: Fix strbuf array overflow + +From: Andrey Shumilin + +[ Upstream commit 9cf14f5a2746c19455ce9cb44341b5527b5e19c3 ] + +The values of the variables xres and yres are placed in strbuf. +These variables are obtained from strbuf1. +The strbuf1 array contains digit characters +and a space if the array contains non-digit characters. +Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); +more than 16 bytes will be written to strbuf. +It is suggested to increase the size of the strbuf array to 24. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Signed-off-by: Andrey Shumilin +Signed-off-by: Helge Deller +Signed-off-by: Sasha Levin +--- + drivers/video/fbdev/sis/sis_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/video/fbdev/sis/sis_main.c b/drivers/video/fbdev/sis/sis_main.c +index b7f9da690db27..38a772582bc3e 100644 +--- a/drivers/video/fbdev/sis/sis_main.c ++++ b/drivers/video/fbdev/sis/sis_main.c +@@ -197,7 +197,7 @@ static void sisfb_search_mode(char *name, bool quiet) + { + unsigned int j = 0, xres = 0, yres = 0, depth = 0, rate = 0; + int i = 0; +- char strbuf[16], strbuf1[20]; ++ char strbuf[24], strbuf1[20]; + char *nameptr = name; + + /* We don't know the hardware specs yet and there is no ivideo */ +-- +2.43.0 + diff --git a/queue-4.19/i2c-i801-use-a-different-adapter-name-for-idf-adapte.patch b/queue-4.19/i2c-i801-use-a-different-adapter-name-for-idf-adapte.patch new file mode 100644 index 00000000000..a27126839d3 --- /dev/null +++ b/queue-4.19/i2c-i801-use-a-different-adapter-name-for-idf-adapte.patch @@ -0,0 +1,55 @@ +From 0a60e392759af52239bbe51a8a1c42c62bbcf2c7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 12 Aug 2024 22:39:48 +0200 +Subject: i2c: i801: Use a different adapter-name for IDF adapters +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Hans de Goede + +[ Upstream commit 43457ada98c824f310adb7bd96bd5f2fcd9a3279 ] + +On chipsets with a second 'Integrated Device Function' SMBus controller use +a different adapter-name for the second IDF adapter. + +This allows platform glue code which is looking for the primary i801 +adapter to manually instantiate i2c_clients on to differentiate +between the 2. + +This allows such code to find the primary i801 adapter by name, without +needing to duplicate the PCI-ids to feature-flags mapping from i2c-i801.c. + +Reviewed-by: Pali Rohár +Signed-off-by: Hans de Goede +Acked-by: Wolfram Sang +Signed-off-by: Andi Shyti +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-i801.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c +index c1e2539b79502..b552f8d62fa2f 100644 +--- a/drivers/i2c/busses/i2c-i801.c ++++ b/drivers/i2c/busses/i2c-i801.c +@@ -1674,8 +1674,15 @@ static int i801_probe(struct pci_dev *dev, const struct pci_device_id *id) + + i801_add_tco(priv); + ++ /* ++ * adapter.name is used by platform code to find the main I801 adapter ++ * to instantiante i2c_clients, do not change. ++ */ + snprintf(priv->adapter.name, sizeof(priv->adapter.name), +- "SMBus I801 adapter at %04lx", priv->smba); ++ "SMBus %s adapter at %04lx", ++ (priv->features & FEATURE_IDF) ? "I801 IDF" : "I801", ++ priv->smba); ++ + err = i2c_add_adapter(&priv->adapter); + if (err) { + platform_device_unregister(priv->tco_pdev); +-- +2.43.0 + diff --git a/queue-4.19/ktest.pl-avoid-false-positives-with-grub2-skip-regex.patch b/queue-4.19/ktest.pl-avoid-false-positives-with-grub2-skip-regex.patch new file mode 100644 index 00000000000..2fe151acf96 --- /dev/null +++ b/queue-4.19/ktest.pl-avoid-false-positives-with-grub2-skip-regex.patch @@ -0,0 +1,52 @@ +From 72846c9ea99f145ec8d0e3d3f426c83c75601464 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 4 Sep 2024 13:55:30 -0400 +Subject: ktest.pl: Avoid false positives with grub2 skip regex + +From: Daniel Jordan + +[ Upstream commit 2351e8c65404aabc433300b6bf90c7a37e8bbc4d ] + +Some distros have grub2 config files with the lines + + if [ x"${feature_menuentry_id}" = xy ]; then + menuentry_id_option="--id" + else + menuentry_id_option="" + fi + +which match the skip regex defined for grub2 in get_grub_index(): + + $skip = '^\s*menuentry'; + +These false positives cause the grub number to be higher than it +should be, and the wrong kernel can end up booting. + +Grub documents the menuentry command with whitespace between it and the +title, so make the skip regex reflect this. + +Link: https://lore.kernel.org/20240904175530.84175-1-daniel.m.jordan@oracle.com +Signed-off-by: Daniel Jordan +Acked-by: John 'Warthog9' Hawley (Tenstorrent) +Signed-off-by: Steven Rostedt +Signed-off-by: Sasha Levin +--- + tools/testing/ktest/ktest.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/testing/ktest/ktest.pl b/tools/testing/ktest/ktest.pl +index a29d9e125b00b..fe73902a197c6 100755 +--- a/tools/testing/ktest/ktest.pl ++++ b/tools/testing/ktest/ktest.pl +@@ -1969,7 +1969,7 @@ sub get_grub_index { + } elsif ($reboot_type eq "grub2") { + $command = "cat $grub_file"; + $target = '^\s*menuentry.*' . $grub_menu_qt; +- $skip = '^\s*menuentry'; ++ $skip = '^\s*menuentry\s'; + $submenu = '^\s*submenu\s'; + } elsif ($reboot_type eq "grub2bls") { + $command = $grub_bls_get; +-- +2.43.0 + diff --git a/queue-4.19/media-videobuf2-core-clear-memory-related-fields-in-.patch b/queue-4.19/media-videobuf2-core-clear-memory-related-fields-in-.patch new file mode 100644 index 00000000000..14b4842ba9f --- /dev/null +++ b/queue-4.19/media-videobuf2-core-clear-memory-related-fields-in-.patch @@ -0,0 +1,52 @@ +From 0677507cdb472b9e95663d530d2be13d29dec4c3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 14 Aug 2024 11:06:40 +0900 +Subject: media: videobuf2-core: clear memory related fields in + __vb2_plane_dmabuf_put() + +From: Yunke Cao + +[ Upstream commit 6a9c97ab6b7e85697e0b74e86062192a5ffffd99 ] + +Clear vb2_plane's memory related fields in __vb2_plane_dmabuf_put(), +including bytesused, length, fd and data_offset. + +Remove the duplicated code in __prepare_dmabuf(). + +Signed-off-by: Yunke Cao +Acked-by: Tomasz Figa +Signed-off-by: Hans Verkuil +Signed-off-by: Sasha Levin +--- + drivers/media/common/videobuf2/videobuf2-core.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c +index 50015a2ea5ce0..98719aa986bb9 100644 +--- a/drivers/media/common/videobuf2/videobuf2-core.c ++++ b/drivers/media/common/videobuf2/videobuf2-core.c +@@ -281,6 +281,10 @@ static void __vb2_plane_dmabuf_put(struct vb2_buffer *vb, struct vb2_plane *p) + p->mem_priv = NULL; + p->dbuf = NULL; + p->dbuf_mapped = 0; ++ p->bytesused = 0; ++ p->length = 0; ++ p->m.fd = 0; ++ p->data_offset = 0; + } + + /* +@@ -1169,10 +1173,6 @@ static int __prepare_dmabuf(struct vb2_buffer *vb, const void *pb) + + /* Release previously acquired memory if present */ + __vb2_plane_dmabuf_put(vb, &vb->planes[plane]); +- vb->planes[plane].bytesused = 0; +- vb->planes[plane].length = 0; +- vb->planes[plane].m.fd = 0; +- vb->planes[plane].data_offset = 0; + + /* Acquire each plane's memory */ + mem_priv = call_ptr_memop(vb, attach_dmabuf, +-- +2.43.0 + diff --git a/queue-4.19/pci-mark-creative-labs-emu20k2-intx-masking-as-broke.patch b/queue-4.19/pci-mark-creative-labs-emu20k2-intx-masking-as-broke.patch new file mode 100644 index 00000000000..811e5d4df61 --- /dev/null +++ b/queue-4.19/pci-mark-creative-labs-emu20k2-intx-masking-as-broke.patch @@ -0,0 +1,45 @@ +From f797c41c99ef4363902ba8bcef2e347080533b67 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 12 Sep 2024 15:53:27 -0600 +Subject: PCI: Mark Creative Labs EMU20k2 INTx masking as broken +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Alex Williamson + +[ Upstream commit 2910306655a7072640021563ec9501bfa67f0cb1 ] + +Per user reports, the Creative Labs EMU20k2 (Sound Blaster X-Fi +Titanium Series) generates spurious interrupts when used with +vfio-pci unless DisINTx masking support is disabled. + +Thus, quirk the device to mark INTx masking as broken. + +Closes: https://lore.kernel.org/all/VI1PR10MB8207C507DB5420AB4C7281E0DB9A2@VI1PR10MB8207.EURPRD10.PROD.OUTLOOK.COM +Link: https://lore.kernel.org/linux-pci/20240912215331.839220-1-alex.williamson@redhat.com +Reported-by: zdravko delineshev +Signed-off-by: Alex Williamson +[kwilczynski: commit log] +Signed-off-by: Krzysztof Wilczyński +Signed-off-by: Sasha Levin +--- + drivers/pci/quirks.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c +index bb51820890965..e496670d7994e 100644 +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -3347,6 +3347,8 @@ DECLARE_PCI_FIXUP_FINAL(0x1814, 0x0601, /* Ralink RT2800 802.11n PCI */ + quirk_broken_intx_masking); + DECLARE_PCI_FIXUP_FINAL(0x1b7c, 0x0004, /* Ceton InfiniTV4 */ + quirk_broken_intx_masking); ++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_CREATIVE, PCI_DEVICE_ID_CREATIVE_20K2, ++ quirk_broken_intx_masking); + + /* + * Realtek RTL8169 PCI Gigabit Ethernet Controller (rev 10) +-- +2.43.0 + diff --git a/queue-4.19/s390-cpum_sf-remove-warn_on_once-statements.patch b/queue-4.19/s390-cpum_sf-remove-warn_on_once-statements.patch new file mode 100644 index 00000000000..e2dd05dda34 --- /dev/null +++ b/queue-4.19/s390-cpum_sf-remove-warn_on_once-statements.patch @@ -0,0 +1,71 @@ +From 28bc3da4608de5f097a954f70191543111ef4e4d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 10 Jul 2024 12:23:47 +0200 +Subject: s390/cpum_sf: Remove WARN_ON_ONCE statements + +From: Thomas Richter + +[ Upstream commit b495e710157606889f2d8bdc62aebf2aa02f67a7 ] + +Remove WARN_ON_ONCE statements. These have not triggered in the +past. + +Signed-off-by: Thomas Richter +Acked-by: Sumanth Korikkar +Cc: Heiko Carstens +Cc: Vasily Gorbik +Cc: Alexander Gordeev +Signed-off-by: Vasily Gorbik +Signed-off-by: Sasha Levin +--- + arch/s390/kernel/perf_cpum_sf.c | 12 ++++-------- + 1 file changed, 4 insertions(+), 8 deletions(-) + +diff --git a/arch/s390/kernel/perf_cpum_sf.c b/arch/s390/kernel/perf_cpum_sf.c +index c8e1e325215b8..c7f94b5d93968 100644 +--- a/arch/s390/kernel/perf_cpum_sf.c ++++ b/arch/s390/kernel/perf_cpum_sf.c +@@ -1360,7 +1360,7 @@ static int aux_output_begin(struct perf_output_handle *handle, + unsigned long head, base, offset; + struct hws_trailer_entry *te; + +- if (WARN_ON_ONCE(handle->head & ~PAGE_MASK)) ++ if (handle->head & ~PAGE_MASK) + return -EINVAL; + + aux->head = handle->head >> PAGE_SHIFT; +@@ -1528,7 +1528,7 @@ static void hw_collect_aux(struct cpu_hw_sf *cpuhw) + unsigned long num_sdb; + + aux = perf_get_aux(handle); +- if (WARN_ON_ONCE(!aux)) ++ if (!aux) + return; + + /* Inform user space new data arrived */ +@@ -1547,7 +1547,7 @@ static void hw_collect_aux(struct cpu_hw_sf *cpuhw) + debug_sprintf_event(sfdbg, 1, "AUX buffer used up\n"); + break; + } +- if (WARN_ON_ONCE(!aux)) ++ if (!aux) + return; + + /* Update head and alert_mark to new position */ +@@ -1746,12 +1746,8 @@ static void cpumsf_pmu_start(struct perf_event *event, int flags) + { + struct cpu_hw_sf *cpuhw = this_cpu_ptr(&cpu_hw_sf); + +- if (WARN_ON_ONCE(!(event->hw.state & PERF_HES_STOPPED))) ++ if (!(event->hw.state & PERF_HES_STOPPED)) + return; +- +- if (flags & PERF_EF_RELOAD) +- WARN_ON_ONCE(!(event->hw.state & PERF_HES_UPTODATE)); +- + perf_pmu_disable(event->pmu); + event->hw.state = 0; + cpuhw->lsctl.cs = 1; +-- +2.43.0 + diff --git a/queue-4.19/s390-facility-disable-compile-time-optimization-for-.patch b/queue-4.19/s390-facility-disable-compile-time-optimization-for-.patch new file mode 100644 index 00000000000..260450c25b9 --- /dev/null +++ b/queue-4.19/s390-facility-disable-compile-time-optimization-for-.patch @@ -0,0 +1,45 @@ +From 53092c3a0d19c8510ddec2d8051367b9649fccf1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 4 Sep 2024 11:39:24 +0200 +Subject: s390/facility: Disable compile time optimization for decompressor + code + +From: Heiko Carstens + +[ Upstream commit 0147addc4fb72a39448b8873d8acdf3a0f29aa65 ] + +Disable compile time optimizations of test_facility() for the +decompressor. The decompressor should not contain any optimized code +depending on the architecture level set the kernel image is compiled +for to avoid unexpected operation exceptions. + +Add a __DECOMPRESSOR check to test_facility() to enforce that +facilities are always checked during runtime for the decompressor. + +Reviewed-by: Sven Schnelle +Signed-off-by: Heiko Carstens +Signed-off-by: Sasha Levin +--- + arch/s390/include/asm/facility.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/arch/s390/include/asm/facility.h b/arch/s390/include/asm/facility.h +index 7ffbc5d7ccf38..79730031e17f3 100644 +--- a/arch/s390/include/asm/facility.h ++++ b/arch/s390/include/asm/facility.h +@@ -53,8 +53,10 @@ static inline int test_facility(unsigned long nr) + unsigned long facilities_als[] = { FACILITIES_ALS }; + + if (__builtin_constant_p(nr) && nr < sizeof(facilities_als) * 8) { +- if (__test_facility(nr, &facilities_als)) +- return 1; ++ if (__test_facility(nr, &facilities_als)) { ++ if (!__is_defined(__DECOMPRESSOR)) ++ return 1; ++ } + } + return __test_facility(nr, &S390_lowcore.stfle_fac_list); + } +-- +2.43.0 + diff --git a/queue-4.19/s390-mm-add-cond_resched-to-cmm_alloc-free_pages.patch b/queue-4.19/s390-mm-add-cond_resched-to-cmm_alloc-free_pages.patch new file mode 100644 index 00000000000..abcc131acc8 --- /dev/null +++ b/queue-4.19/s390-mm-add-cond_resched-to-cmm_alloc-free_pages.patch @@ -0,0 +1,69 @@ +From e091316ce7294b92fd9b373249a37856f79d2933 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 2 Sep 2024 14:02:19 +0200 +Subject: s390/mm: Add cond_resched() to cmm_alloc/free_pages() + +From: Gerald Schaefer + +[ Upstream commit 131b8db78558120f58c5dc745ea9655f6b854162 ] + +Adding/removing large amount of pages at once to/from the CMM balloon +can result in rcu_sched stalls or workqueue lockups, because of busy +looping w/o cond_resched(). + +Prevent this by adding a cond_resched(). cmm_free_pages() holds a +spin_lock while looping, so it cannot be added directly to the existing +loop. Instead, introduce a wrapper function that operates on maximum 256 +pages at once, and add it there. + +Signed-off-by: Gerald Schaefer +Reviewed-by: Heiko Carstens +Signed-off-by: Heiko Carstens +Signed-off-by: Sasha Levin +--- + arch/s390/mm/cmm.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/arch/s390/mm/cmm.c b/arch/s390/mm/cmm.c +index a51c892f14f3e..756aefbd05249 100644 +--- a/arch/s390/mm/cmm.c ++++ b/arch/s390/mm/cmm.c +@@ -98,11 +98,12 @@ static long cmm_alloc_pages(long nr, long *counter, + (*counter)++; + spin_unlock(&cmm_lock); + nr--; ++ cond_resched(); + } + return nr; + } + +-static long cmm_free_pages(long nr, long *counter, struct cmm_page_array **list) ++static long __cmm_free_pages(long nr, long *counter, struct cmm_page_array **list) + { + struct cmm_page_array *pa; + unsigned long addr; +@@ -126,6 +127,21 @@ static long cmm_free_pages(long nr, long *counter, struct cmm_page_array **list) + return nr; + } + ++static long cmm_free_pages(long nr, long *counter, struct cmm_page_array **list) ++{ ++ long inc = 0; ++ ++ while (nr) { ++ inc = min(256L, nr); ++ nr -= inc; ++ inc = __cmm_free_pages(inc, counter, list); ++ if (inc) ++ break; ++ cond_resched(); ++ } ++ return nr + inc; ++} ++ + static int cmm_oom_notify(struct notifier_block *self, + unsigned long dummy, void *parm) + { +-- +2.43.0 + diff --git a/queue-4.19/series b/queue-4.19/series index 7798c7f0551..c5b7b9a1f63 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -232,3 +232,17 @@ drm-move-drm_mode_setcrtc-local-re-init-to-failure-p.patch drm-crtc-fix-uninitialized-variable-use-even-harder.patch virtio_console-fix-misc-probe-bugs.patch input-synaptics-rmi4-fix-uaf-of-irq-domain-on-driver.patch +bpf-check-percpu-map-value-size-first.patch +s390-facility-disable-compile-time-optimization-for-.patch +s390-mm-add-cond_resched-to-cmm_alloc-free_pages.patch +ext4-nested-locking-for-xattr-inode.patch +s390-cpum_sf-remove-warn_on_once-statements.patch +ktest.pl-avoid-false-positives-with-grub2-skip-regex.patch +clk-bcm-bcm53573-fix-of-node-leak-in-init.patch +i2c-i801-use-a-different-adapter-name-for-idf-adapte.patch +pci-mark-creative-labs-emu20k2-intx-masking-as-broke.patch +media-videobuf2-core-clear-memory-related-fields-in-.patch +usb-chipidea-udc-enable-suspend-interrupt-after-usb-.patch +tools-iio-add-memory-allocation-failure-check-for-tr.patch +driver-core-bus-return-eio-instead-of-0-when-show-st.patch +fbdev-sisfb-fix-strbuf-array-overflow.patch diff --git a/queue-4.19/tools-iio-add-memory-allocation-failure-check-for-tr.patch b/queue-4.19/tools-iio-add-memory-allocation-failure-check-for-tr.patch new file mode 100644 index 00000000000..696b413b474 --- /dev/null +++ b/queue-4.19/tools-iio-add-memory-allocation-failure-check-for-tr.patch @@ -0,0 +1,38 @@ +From e95965403be687b26be9e5f2326ab63643b7b1de Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 28 Aug 2024 02:31:29 -0700 +Subject: tools/iio: Add memory allocation failure check for trigger_name + +From: Zhu Jun + +[ Upstream commit 3c6b818b097dd6932859bcc3d6722a74ec5931c1 ] + +Added a check to handle memory allocation failure for `trigger_name` +and return `-ENOMEM`. + +Signed-off-by: Zhu Jun +Link: https://patch.msgid.link/20240828093129.3040-1-zhujun2@cmss.chinamobile.com +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + tools/iio/iio_generic_buffer.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/tools/iio/iio_generic_buffer.c b/tools/iio/iio_generic_buffer.c +index ca9f33fa51c9f..e8cf3dc8de72c 100644 +--- a/tools/iio/iio_generic_buffer.c ++++ b/tools/iio/iio_generic_buffer.c +@@ -483,6 +483,10 @@ int main(int argc, char **argv) + return -ENOMEM; + } + trigger_name = malloc(IIO_MAX_NAME_LENGTH); ++ if (!trigger_name) { ++ ret = -ENOMEM; ++ goto error; ++ } + ret = read_sysfs_string("name", trig_dev_name, trigger_name); + free(trig_dev_name); + if (ret < 0) { +-- +2.43.0 + diff --git a/queue-4.19/usb-chipidea-udc-enable-suspend-interrupt-after-usb-.patch b/queue-4.19/usb-chipidea-udc-enable-suspend-interrupt-after-usb-.patch new file mode 100644 index 00000000000..242ca685b06 --- /dev/null +++ b/queue-4.19/usb-chipidea-udc-enable-suspend-interrupt-after-usb-.patch @@ -0,0 +1,59 @@ +From 99e1c6351d07b433a2ba5beef5e2c9e61b921071 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 23 Aug 2024 15:38:32 +0800 +Subject: usb: chipidea: udc: enable suspend interrupt after usb reset + +From: Xu Yang + +[ Upstream commit e4fdcc10092fb244218013bfe8ff01c55d54e8e4 ] + +Currently, suspend interrupt is enabled before pullup enable operation. +This will cause a suspend interrupt assert right after pullup DP. This +suspend interrupt is meaningless, so this will ignore such interrupt +by enable it after usb reset completed. + +Signed-off-by: Xu Yang +Acked-by: Peter Chen +Link: https://lore.kernel.org/r/20240823073832.1702135-1-xu.yang_2@nxp.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/usb/chipidea/udc.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c +index 3bda856ff2cab..6a626f41cded1 100644 +--- a/drivers/usb/chipidea/udc.c ++++ b/drivers/usb/chipidea/udc.c +@@ -81,7 +81,7 @@ static int hw_device_state(struct ci_hdrc *ci, u32 dma) + hw_write(ci, OP_ENDPTLISTADDR, ~0, dma); + /* interrupt, error, port change, reset, sleep/suspend */ + hw_write(ci, OP_USBINTR, ~0, +- USBi_UI|USBi_UEI|USBi_PCI|USBi_URI|USBi_SLI); ++ USBi_UI|USBi_UEI|USBi_PCI|USBi_URI); + } else { + hw_write(ci, OP_USBINTR, ~0, 0); + } +@@ -748,6 +748,7 @@ __releases(ci->lock) + __acquires(ci->lock) + { + int retval; ++ u32 intr; + + spin_unlock(&ci->lock); + if (ci->gadget.speed != USB_SPEED_UNKNOWN) +@@ -761,6 +762,11 @@ __acquires(ci->lock) + if (retval) + goto done; + ++ /* clear SLI */ ++ hw_write(ci, OP_USBSTS, USBi_SLI, USBi_SLI); ++ intr = hw_read(ci, OP_USBINTR, ~0); ++ hw_write(ci, OP_USBINTR, ~0, intr | USBi_SLI); ++ + ci->status = usb_ep_alloc_request(&ci->ep0in->ep, GFP_ATOMIC); + if (ci->status == NULL) + retval = -ENOMEM; +-- +2.43.0 +