From: Sasha Levin Date: Tue, 10 Sep 2024 00:36:22 +0000 (-0400) Subject: Fixes for 5.4 X-Git-Tag: v4.19.322~35 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9dedb75da644a9d51f9cae81e2d274d8d7311a9e;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/acpi-processor-fix-memory-leaks-in-error-paths-of-pr.patch b/queue-5.4/acpi-processor-fix-memory-leaks-in-error-paths-of-pr.patch new file mode 100644 index 00000000000..139a8f26685 --- /dev/null +++ b/queue-5.4/acpi-processor-fix-memory-leaks-in-error-paths-of-pr.patch @@ -0,0 +1,83 @@ +From 61fa05a97587f2dc0cca93d78942b45b0f71f816 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 29 May 2024 14:34:32 +0100 +Subject: ACPI: processor: Fix memory leaks in error paths of processor_add() + +From: Jonathan Cameron + +[ Upstream commit 47ec9b417ed9b6b8ec2a941cd84d9de62adc358a ] + +If acpi_processor_get_info() returned an error, pr and the associated +pr->throttling.shared_cpu_map were leaked. + +The unwind code was in the wrong order wrt to setup, relying on +some unwind actions having no affect (clearing variables that were +never set etc). That makes it harder to reason about so reorder +and add appropriate labels to only undo what was actually set up +in the first place. + +Acked-by: Rafael J. Wysocki +Reviewed-by: Gavin Shan +Signed-off-by: Jonathan Cameron +Link: https://lore.kernel.org/r/20240529133446.28446-6-Jonathan.Cameron@huawei.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + drivers/acpi/acpi_processor.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/drivers/acpi/acpi_processor.c b/drivers/acpi/acpi_processor.c +index ffa10cb4f717..c8338d627857 100644 +--- a/drivers/acpi/acpi_processor.c ++++ b/drivers/acpi/acpi_processor.c +@@ -388,7 +388,7 @@ static int acpi_processor_add(struct acpi_device *device, + + result = acpi_processor_get_info(device); + if (result) /* Processor is not physically present or unavailable */ +- return result; ++ goto err_clear_driver_data; + + BUG_ON(pr->id >= nr_cpu_ids); + +@@ -403,7 +403,7 @@ static int acpi_processor_add(struct acpi_device *device, + "BIOS reported wrong ACPI id %d for the processor\n", + pr->id); + /* Give up, but do not abort the namespace scan. */ +- goto err; ++ goto err_clear_driver_data; + } + /* + * processor_device_array is not cleared on errors to allow buggy BIOS +@@ -415,12 +415,12 @@ static int acpi_processor_add(struct acpi_device *device, + dev = get_cpu_device(pr->id); + if (!dev) { + result = -ENODEV; +- goto err; ++ goto err_clear_per_cpu; + } + + result = acpi_bind_one(dev, device); + if (result) +- goto err; ++ goto err_clear_per_cpu; + + pr->dev = dev; + +@@ -431,10 +431,11 @@ static int acpi_processor_add(struct acpi_device *device, + dev_err(dev, "Processor driver could not be attached\n"); + acpi_unbind_one(dev); + +- err: +- free_cpumask_var(pr->throttling.shared_cpu_map); +- device->driver_data = NULL; ++ err_clear_per_cpu: + per_cpu(processors, pr->id) = NULL; ++ err_clear_driver_data: ++ device->driver_data = NULL; ++ free_cpumask_var(pr->throttling.shared_cpu_map); + err_free_pr: + kfree(pr); + return result; +-- +2.43.0 + diff --git a/queue-5.4/acpi-processor-return-an-error-if-acpi_processor_get.patch b/queue-5.4/acpi-processor-return-an-error-if-acpi_processor_get.patch new file mode 100644 index 00000000000..992f8a40b1c --- /dev/null +++ b/queue-5.4/acpi-processor-return-an-error-if-acpi_processor_get.patch @@ -0,0 +1,44 @@ +From e5ea3baa9c4df3ce81560098c7eca7bcb4adb550 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 29 May 2024 14:34:31 +0100 +Subject: ACPI: processor: Return an error if acpi_processor_get_info() fails + in processor_add() + +From: Jonathan Cameron + +[ Upstream commit fadf231f0a06a6748a7fc4a2c29ac9ef7bca6bfd ] + +Rafael observed [1] that returning 0 from processor_add() will result in +acpi_default_enumeration() being called which will attempt to create a +platform device, but that makes little sense when the processor is known +to be not available. So just return the error code from acpi_processor_get_info() +instead. + +Link: https://lore.kernel.org/all/CAJZ5v0iKU8ra9jR+EmgxbuNm=Uwx2m1-8vn_RAZ+aCiUVLe3Pw@mail.gmail.com/ [1] +Suggested-by: Rafael J. Wysocki +Acked-by: Rafael J. Wysocki +Reviewed-by: Gavin Shan +Signed-off-by: Jonathan Cameron +Link: https://lore.kernel.org/r/20240529133446.28446-5-Jonathan.Cameron@huawei.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + drivers/acpi/acpi_processor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/acpi/acpi_processor.c b/drivers/acpi/acpi_processor.c +index 2c4dda0787e8..ffa10cb4f717 100644 +--- a/drivers/acpi/acpi_processor.c ++++ b/drivers/acpi/acpi_processor.c +@@ -388,7 +388,7 @@ static int acpi_processor_add(struct acpi_device *device, + + result = acpi_processor_get_info(device); + if (result) /* Processor is not physically present or unavailable */ +- return 0; ++ return result; + + BUG_ON(pr->id >= nr_cpu_ids); + +-- +2.43.0 + diff --git a/queue-5.4/arm64-acpi-harden-get_cpu_for_acpi_id-against-missin.patch b/queue-5.4/arm64-acpi-harden-get_cpu_for_acpi_id-against-missin.patch new file mode 100644 index 00000000000..14c57a0129e --- /dev/null +++ b/queue-5.4/arm64-acpi-harden-get_cpu_for_acpi_id-against-missin.patch @@ -0,0 +1,46 @@ +From d667243a574169037b005101b817145c74ec91e8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 29 May 2024 14:34:39 +0100 +Subject: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry + +From: Jonathan Cameron + +[ Upstream commit 2488444274c70038eb6b686cba5f1ce48ebb9cdd ] + +In a review discussion of the changes to support vCPU hotplug where +a check was added on the GICC being enabled if was online, it was +noted that there is need to map back to the cpu and use that to index +into a cpumask. As such, a valid ID is needed. + +If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible +for the entry in cpu_madt_gicc[cpu] == NULL. This function would +then cause a NULL pointer dereference. Whilst a path to trigger +this has not been established, harden this caller against the +possibility. + +Reviewed-by: Gavin Shan +Signed-off-by: Jonathan Cameron +Link: https://lore.kernel.org/r/20240529133446.28446-13-Jonathan.Cameron@huawei.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/include/asm/acpi.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/include/asm/acpi.h b/arch/arm64/include/asm/acpi.h +index f391ea7a5409..cbf97e648d19 100644 +--- a/arch/arm64/include/asm/acpi.h ++++ b/arch/arm64/include/asm/acpi.h +@@ -115,7 +115,8 @@ static inline int get_cpu_for_acpi_id(u32 uid) + int cpu; + + for (cpu = 0; cpu < nr_cpu_ids; cpu++) +- if (uid == get_acpi_id_for_cpu(cpu)) ++ if (acpi_cpu_get_madt_gicc(cpu) && ++ uid == get_acpi_id_for_cpu(cpu)) + return cpu; + + return -EINVAL; +-- +2.43.0 + diff --git a/queue-5.4/arm64-acpi-move-get_cpu_for_acpi_id-to-a-header.patch b/queue-5.4/arm64-acpi-move-get_cpu_for_acpi_id-to-a-header.patch new file mode 100644 index 00000000000..aebc315ff92 --- /dev/null +++ b/queue-5.4/arm64-acpi-move-get_cpu_for_acpi_id-to-a-header.patch @@ -0,0 +1,82 @@ +From da319b57a48359a142d67ed84f5a503297a178c4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 29 May 2024 14:34:38 +0100 +Subject: arm64: acpi: Move get_cpu_for_acpi_id() to a header + +From: James Morse + +[ Upstream commit 8d34b6f17b9ac93faa2791eb037dcb08bdf755de ] + +ACPI identifies CPUs by UID. get_cpu_for_acpi_id() maps the ACPI UID +to the Linux CPU number. + +The helper to retrieve this mapping is only available in arm64's NUMA +code. + +Move it to live next to get_acpi_id_for_cpu(). + +Signed-off-by: James Morse +Reviewed-by: Jonathan Cameron +Reviewed-by: Gavin Shan +Tested-by: Miguel Luis +Tested-by: Vishnu Pajjuri +Tested-by: Jianyong Wu +Signed-off-by: Russell King (Oracle) +Acked-by: Hanjun Guo +Signed-off-by: Jonathan Cameron +Reviewed-by: Lorenzo Pieralisi +Link: https://lore.kernel.org/r/20240529133446.28446-12-Jonathan.Cameron@huawei.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/include/asm/acpi.h | 11 +++++++++++ + arch/arm64/kernel/acpi_numa.c | 11 ----------- + 2 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/arch/arm64/include/asm/acpi.h b/arch/arm64/include/asm/acpi.h +index a45366c3909b..f391ea7a5409 100644 +--- a/arch/arm64/include/asm/acpi.h ++++ b/arch/arm64/include/asm/acpi.h +@@ -110,6 +110,17 @@ static inline u32 get_acpi_id_for_cpu(unsigned int cpu) + return acpi_cpu_get_madt_gicc(cpu)->uid; + } + ++static inline int get_cpu_for_acpi_id(u32 uid) ++{ ++ int cpu; ++ ++ for (cpu = 0; cpu < nr_cpu_ids; cpu++) ++ if (uid == get_acpi_id_for_cpu(cpu)) ++ return cpu; ++ ++ return -EINVAL; ++} ++ + static inline void arch_fix_phys_package_id(int num, u32 slot) { } + void __init acpi_init_cpus(void); + int apei_claim_sea(struct pt_regs *regs); +diff --git a/arch/arm64/kernel/acpi_numa.c b/arch/arm64/kernel/acpi_numa.c +index 048b75cadd2f..c5feac18c238 100644 +--- a/arch/arm64/kernel/acpi_numa.c ++++ b/arch/arm64/kernel/acpi_numa.c +@@ -34,17 +34,6 @@ int __init acpi_numa_get_nid(unsigned int cpu) + return acpi_early_node_map[cpu]; + } + +-static inline int get_cpu_for_acpi_id(u32 uid) +-{ +- int cpu; +- +- for (cpu = 0; cpu < nr_cpu_ids; cpu++) +- if (uid == get_acpi_id_for_cpu(cpu)) +- return cpu; +- +- return -EINVAL; +-} +- + static int __init acpi_parse_gicc_pxm(union acpi_subtable_headers *header, + const unsigned long end) + { +-- +2.43.0 + diff --git a/queue-5.4/drm-i915-fence-mark-debug_fence_free-with-__maybe_un.patch b/queue-5.4/drm-i915-fence-mark-debug_fence_free-with-__maybe_un.patch new file mode 100644 index 00000000000..6255c93f3c3 --- /dev/null +++ b/queue-5.4/drm-i915-fence-mark-debug_fence_free-with-__maybe_un.patch @@ -0,0 +1,59 @@ +From b522754a0c342b49f0ed9e6464c663d168693a16 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 29 Aug 2024 18:58:38 +0300 +Subject: drm/i915/fence: Mark debug_fence_free() with __maybe_unused + +From: Andy Shevchenko + +[ Upstream commit f99999536128b14b5d765a9982763b5134efdd79 ] + +When debug_fence_free() is unused +(CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS=n), it prevents kernel builds +with clang, `make W=1` and CONFIG_WERROR=y: + +.../i915_sw_fence.c:118:20: error: unused function 'debug_fence_free' [-Werror,-Wunused-function] + 118 | static inline void debug_fence_free(struct i915_sw_fence *fence) + | ^~~~~~~~~~~~~~~~ + +Fix this by marking debug_fence_free() with __maybe_unused. + +See also commit 6863f5643dd7 ("kbuild: allow Clang to find unused static +inline functions for W=1 build"). + +Fixes: fc1584059d6c ("drm/i915: Integrate i915_sw_fence with debugobjects") +Signed-off-by: Andy Shevchenko +Reviewed-by: Jani Nikula +Link: https://patchwork.freedesktop.org/patch/msgid/20240829155950.1141978-3-andriy.shevchenko@linux.intel.com +Signed-off-by: Jani Nikula +(cherry picked from commit 8be4dce5ea6f2368cc25edc71989c4690fa66964) +Signed-off-by: Joonas Lahtinen +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/i915/i915_sw_fence.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/i915/i915_sw_fence.c b/drivers/gpu/drm/i915/i915_sw_fence.c +index 475e4b9485af..8f20668a860e 100644 +--- a/drivers/gpu/drm/i915/i915_sw_fence.c ++++ b/drivers/gpu/drm/i915/i915_sw_fence.c +@@ -64,7 +64,7 @@ static inline void debug_fence_destroy(struct i915_sw_fence *fence) + debug_object_destroy(fence, &i915_sw_fence_debug_descr); + } + +-static inline void debug_fence_free(struct i915_sw_fence *fence) ++static inline __maybe_unused void debug_fence_free(struct i915_sw_fence *fence) + { + debug_object_free(fence, &i915_sw_fence_debug_descr); + smp_wmb(); /* flush the change in state before reallocation */ +@@ -102,7 +102,7 @@ static inline void debug_fence_destroy(struct i915_sw_fence *fence) + { + } + +-static inline void debug_fence_free(struct i915_sw_fence *fence) ++static inline __maybe_unused void debug_fence_free(struct i915_sw_fence *fence) + { + } + +-- +2.43.0 + diff --git a/queue-5.4/drm-i915-fence-mark-debug_fence_init_onstack-with-__.patch b/queue-5.4/drm-i915-fence-mark-debug_fence_init_onstack-with-__.patch new file mode 100644 index 00000000000..1a3b51e61cc --- /dev/null +++ b/queue-5.4/drm-i915-fence-mark-debug_fence_init_onstack-with-__.patch @@ -0,0 +1,58 @@ +From a81b153328ea39c0e5a1691723c2387ba6ea063b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 29 Aug 2024 18:58:37 +0300 +Subject: drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused + +From: Andy Shevchenko + +[ Upstream commit fcd9e8afd546f6ced378d078345a89bf346d065e ] + +When debug_fence_init_onstack() is unused (CONFIG_DRM_I915_SELFTEST=n), +it prevents kernel builds with clang, `make W=1` and CONFIG_WERROR=y: + +.../i915_sw_fence.c:97:20: error: unused function 'debug_fence_init_onstack' [-Werror,-Wunused-function] + 97 | static inline void debug_fence_init_onstack(struct i915_sw_fence *fence) + | ^~~~~~~~~~~~~~~~~~~~~~~~ + +Fix this by marking debug_fence_init_onstack() with __maybe_unused. + +See also commit 6863f5643dd7 ("kbuild: allow Clang to find unused static +inline functions for W=1 build"). + +Fixes: 214707fc2ce0 ("drm/i915/selftests: Wrap a timer into a i915_sw_fence") +Signed-off-by: Andy Shevchenko +Reviewed-by: Jani Nikula +Link: https://patchwork.freedesktop.org/patch/msgid/20240829155950.1141978-2-andriy.shevchenko@linux.intel.com +Signed-off-by: Jani Nikula +(cherry picked from commit 5bf472058ffb43baf6a4cdfe1d7f58c4c194c688) +Signed-off-by: Joonas Lahtinen +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/i915/i915_sw_fence.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/i915/i915_sw_fence.c b/drivers/gpu/drm/i915/i915_sw_fence.c +index b3fd6ff665da..475e4b9485af 100644 +--- a/drivers/gpu/drm/i915/i915_sw_fence.c ++++ b/drivers/gpu/drm/i915/i915_sw_fence.c +@@ -38,7 +38,7 @@ static inline void debug_fence_init(struct i915_sw_fence *fence) + debug_object_init(fence, &i915_sw_fence_debug_descr); + } + +-static inline void debug_fence_init_onstack(struct i915_sw_fence *fence) ++static inline __maybe_unused void debug_fence_init_onstack(struct i915_sw_fence *fence) + { + debug_object_init_on_stack(fence, &i915_sw_fence_debug_descr); + } +@@ -81,7 +81,7 @@ static inline void debug_fence_init(struct i915_sw_fence *fence) + { + } + +-static inline void debug_fence_init_onstack(struct i915_sw_fence *fence) ++static inline __maybe_unused void debug_fence_init_onstack(struct i915_sw_fence *fence) + { + } + +-- +2.43.0 + diff --git a/queue-5.4/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch b/queue-5.4/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch new file mode 100644 index 00000000000..3a268609e14 --- /dev/null +++ b/queue-5.4/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch @@ -0,0 +1,48 @@ +From f2a3fc7a7f963bdf2425706e4eb5ff857ae3dfd8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 21 Aug 2024 16:28:26 +0200 +Subject: nvmet-tcp: fix kernel crash if commands allocation fails + +From: Maurizio Lombardi + +[ Upstream commit 5572a55a6f830ee3f3a994b6b962a5c327d28cb3 ] + +If the commands allocation fails in nvmet_tcp_alloc_cmds() +the kernel crashes in nvmet_tcp_release_queue_work() because of +a NULL pointer dereference. + + nvmet: failed to install queue 0 cntlid 1 ret 6 + Unable to handle kernel NULL pointer dereference at + virtual address 0000000000000008 + +Fix the bug by setting queue->nr_cmds to zero in case +nvmet_tcp_alloc_cmd() fails. + +Fixes: 872d26a391da ("nvmet-tcp: add NVMe over TCP target driver") +Signed-off-by: Maurizio Lombardi +Reviewed-by: Christoph Hellwig +Signed-off-by: Keith Busch +Signed-off-by: Sasha Levin +--- + drivers/nvme/target/tcp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c +index fa6e7fbf356e..11c8506e04ca 100644 +--- a/drivers/nvme/target/tcp.c ++++ b/drivers/nvme/target/tcp.c +@@ -1751,8 +1751,10 @@ static u16 nvmet_tcp_install_queue(struct nvmet_sq *sq) + } + + queue->nr_cmds = sq->size * 2; +- if (nvmet_tcp_alloc_cmds(queue)) ++ if (nvmet_tcp_alloc_cmds(queue)) { ++ queue->nr_cmds = 0; + return NVME_SC_INTERNAL; ++ } + return 0; + } + +-- +2.43.0 + diff --git a/queue-5.4/series b/queue-5.4/series index df729d3c0e0..c8e5f6274d9 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -110,3 +110,10 @@ ring-buffer-rename-ring_buffer_read-to-read_buffer_i.patch tracing-avoid-possible-softlockup-in-tracing_iter_re.patch nilfs2-replace-snprintf-in-show-functions-with-sysfs.patch nilfs2-protect-references-to-superblock-parameters-e.patch +acpi-processor-return-an-error-if-acpi_processor_get.patch +acpi-processor-fix-memory-leaks-in-error-paths-of-pr.patch +arm64-acpi-move-get_cpu_for_acpi_id-to-a-header.patch +arm64-acpi-harden-get_cpu_for_acpi_id-against-missin.patch +nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch +drm-i915-fence-mark-debug_fence_init_onstack-with-__.patch +drm-i915-fence-mark-debug_fence_free-with-__maybe_un.patch