From: Greg Kroah-Hartman Date: Tue, 17 Jun 2025 15:10:20 +0000 (+0200) Subject: 6.1-stable patches X-Git-Tag: v6.6.94~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a34eec23471f1a57ba87158a8df79cb8eeaa556d;p=thirdparty%2Fkernel%2Fstable-queue.git 6.1-stable patches added patches: calipso-unlock-rcu-before-returning-eafnosupport.patch drm-meson-use-1000ull-when-operating-with-mode-clock.patch kbuild-hdrcheck-fix-cross-build-with-clang.patch kbuild-userprogs-fix-bitsize-and-target-detection-on-clang.patch net-usb-aqc111-debug-info-before-sanitation.patch --- diff --git a/queue-6.1/calipso-unlock-rcu-before-returning-eafnosupport.patch b/queue-6.1/calipso-unlock-rcu-before-returning-eafnosupport.patch new file mode 100644 index 0000000000..928546c94d --- /dev/null +++ b/queue-6.1/calipso-unlock-rcu-before-returning-eafnosupport.patch @@ -0,0 +1,41 @@ +From 3cae906e1a6184cdc9e4d260e4dbdf9a118d94ad Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Wed, 4 Jun 2025 13:38:26 +0000 +Subject: calipso: unlock rcu before returning -EAFNOSUPPORT + +From: Eric Dumazet + +commit 3cae906e1a6184cdc9e4d260e4dbdf9a118d94ad upstream. + +syzbot reported that a recent patch forgot to unlock rcu +in the error path. + +Adopt the convention that netlbl_conn_setattr() is already using. + +Fixes: 6e9f2df1c550 ("calipso: Don't call calipso functions for AF_INET sk.") +Reported-by: syzbot +Signed-off-by: Eric Dumazet +Cc: Kuniyuki Iwashima +Acked-by: Paul Moore +Link: https://patch.msgid.link/20250604133826.1667664-1-edumazet@google.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/netlabel/netlabel_kapi.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/net/netlabel/netlabel_kapi.c ++++ b/net/netlabel/netlabel_kapi.c +@@ -1140,8 +1140,10 @@ int netlbl_conn_setattr(struct sock *sk, + break; + #if IS_ENABLED(CONFIG_IPV6) + case AF_INET6: +- if (sk->sk_family != AF_INET6) +- return -EAFNOSUPPORT; ++ if (sk->sk_family != AF_INET6) { ++ ret_val = -EAFNOSUPPORT; ++ goto conn_setattr_return; ++ } + + addr6 = (struct sockaddr_in6 *)addr; + entry = netlbl_domhsh_getentry_af6(secattr->domain, diff --git a/queue-6.1/drm-meson-use-1000ull-when-operating-with-mode-clock.patch b/queue-6.1/drm-meson-use-1000ull-when-operating-with-mode-clock.patch new file mode 100644 index 0000000000..a9fec620f0 --- /dev/null +++ b/queue-6.1/drm-meson-use-1000ull-when-operating-with-mode-clock.patch @@ -0,0 +1,44 @@ +From eb0851e14432f3b87c77b704c835ac376deda03a Mon Sep 17 00:00:00 2001 +From: I Hsin Cheng +Date: Tue, 6 May 2025 02:43:38 +0800 +Subject: drm/meson: Use 1000ULL when operating with mode->clock + +From: I Hsin Cheng + +commit eb0851e14432f3b87c77b704c835ac376deda03a upstream. + +Coverity scan reported the usage of "mode->clock * 1000" may lead to +integer overflow. Use "1000ULL" instead of "1000" +when utilizing it to avoid potential integer overflow issue. + +Link: https://scan5.scan.coverity.com/#/project-view/10074/10063?selectedIssue=1646759 +Signed-off-by: I Hsin Cheng +Reviewed-by: Martin Blumenstingl +Fixes: 1017560164b6 ("drm/meson: use unsigned long long / Hz for frequency types") +Link: https://lore.kernel.org/r/20250505184338.678540-1-richard120310@gmail.com +Signed-off-by: Neil Armstrong +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/meson/meson_encoder_hdmi.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/meson/meson_encoder_hdmi.c ++++ b/drivers/gpu/drm/meson/meson_encoder_hdmi.c +@@ -73,7 +73,7 @@ static void meson_encoder_hdmi_set_vclk( + unsigned long long venc_freq; + unsigned long long hdmi_freq; + +- vclk_freq = mode->clock * 1000; ++ vclk_freq = mode->clock * 1000ULL; + + /* For 420, pixel clock is half unlike venc clock */ + if (encoder_hdmi->output_bus_fmt == MEDIA_BUS_FMT_UYYVYY8_0_5X24) +@@ -121,7 +121,7 @@ static enum drm_mode_status meson_encode + struct meson_encoder_hdmi *encoder_hdmi = bridge_to_meson_encoder_hdmi(bridge); + struct meson_drm *priv = encoder_hdmi->priv; + bool is_hdmi2_sink = display_info->hdmi.scdc.supported; +- unsigned long long clock = mode->clock * 1000; ++ unsigned long long clock = mode->clock * 1000ULL; + unsigned long long phy_freq; + unsigned long long vclk_freq; + unsigned long long venc_freq; diff --git a/queue-6.1/kbuild-hdrcheck-fix-cross-build-with-clang.patch b/queue-6.1/kbuild-hdrcheck-fix-cross-build-with-clang.patch new file mode 100644 index 0000000000..c499f9b375 --- /dev/null +++ b/queue-6.1/kbuild-hdrcheck-fix-cross-build-with-clang.patch @@ -0,0 +1,40 @@ +From 02e9a22ceef0227175e391902d8760425fa072c6 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Tue, 25 Feb 2025 11:00:31 +0100 +Subject: kbuild: hdrcheck: fix cross build with clang + +From: Arnd Bergmann + +commit 02e9a22ceef0227175e391902d8760425fa072c6 upstream. + +The headercheck tries to call clang with a mix of compiler arguments +that don't include the target architecture. When building e.g. x86 +headers on arm64, this produces a warning like + + clang: warning: unknown platform, assuming -mfloat-abi=soft + +Add in the KBUILD_CPPFLAGS, which contain the target, in order to make it +build properly. + +See also 1b71c2fb04e7 ("kbuild: userprogs: fix bitsize and target +detection on clang"). + +Reviewed-by: Nathan Chancellor +Fixes: feb843a469fb ("kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS") +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman +--- + usr/include/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/usr/include/Makefile ++++ b/usr/include/Makefile +@@ -10,7 +10,7 @@ UAPI_CFLAGS := -std=c90 -Wall -Werror=im + + # In theory, we do not care -m32 or -m64 for header compile tests. + # It is here just because CONFIG_CC_CAN_LINK is tested with -m32 or -m64. +-UAPI_CFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) ++UAPI_CFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) + + # USERCFLAGS might contain sysroot location for CC. + UAPI_CFLAGS += $(USERCFLAGS) diff --git a/queue-6.1/kbuild-userprogs-fix-bitsize-and-target-detection-on-clang.patch b/queue-6.1/kbuild-userprogs-fix-bitsize-and-target-detection-on-clang.patch new file mode 100644 index 0000000000..eb420a21b9 --- /dev/null +++ b/queue-6.1/kbuild-userprogs-fix-bitsize-and-target-detection-on-clang.patch @@ -0,0 +1,42 @@ +From 1b71c2fb04e7a713abc6edde4a412416ff3158f2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Thu, 13 Feb 2025 15:55:17 +0100 +Subject: kbuild: userprogs: fix bitsize and target detection on clang +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Thomas Weißschuh + +commit 1b71c2fb04e7a713abc6edde4a412416ff3158f2 upstream. + +scripts/Makefile.clang was changed in the linked commit to move --target from +KBUILD_CFLAGS to KBUILD_CPPFLAGS, as that generally has a broader scope. +However that variable is not inspected by the userprogs logic, +breaking cross compilation on clang. + +Use both variables to detect bitsize and target arguments for userprogs. + +Fixes: feb843a469fb ("kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS") +Cc: stable@vger.kernel.org +Signed-off-by: Thomas Weißschuh +Reviewed-by: Nathan Chancellor +Signed-off-by: Masahiro Yamada +Signed-off-by: Greg Kroah-Hartman +--- + Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -1139,8 +1139,8 @@ LDFLAGS_vmlinux += --orphan-handling=war + endif + + # Align the bit size of userspace programs with the kernel +-KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) +-KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) ++KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) ++KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) + + # userspace programs are linked via the compiler, use the correct linker + ifeq ($(CONFIG_CC_IS_CLANG)$(CONFIG_LD_IS_LLD),yy) diff --git a/queue-6.1/net-usb-aqc111-debug-info-before-sanitation.patch b/queue-6.1/net-usb-aqc111-debug-info-before-sanitation.patch new file mode 100644 index 0000000000..e91febb106 --- /dev/null +++ b/queue-6.1/net-usb-aqc111-debug-info-before-sanitation.patch @@ -0,0 +1,51 @@ +From d3faab9b5a6a0477d69c38bd11c43aa5e936f929 Mon Sep 17 00:00:00 2001 +From: Oliver Neukum +Date: Wed, 28 May 2025 13:03:54 +0200 +Subject: net: usb: aqc111: debug info before sanitation + +From: Oliver Neukum + +commit d3faab9b5a6a0477d69c38bd11c43aa5e936f929 upstream. + +If we sanitize error returns, the debug statements need +to come before that so that we don't lose information. + +Signed-off-by: Oliver Neukum +Fixes: 405b0d610745 ("net: usb: aqc111: fix error handling of usbnet read calls") +Reviewed-by: Andrew Lunn +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/usb/aqc111.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/net/usb/aqc111.c ++++ b/drivers/net/usb/aqc111.c +@@ -31,11 +31,11 @@ static int aqc111_read_cmd_nopm(struct u + USB_RECIP_DEVICE, value, index, data, size); + + if (unlikely(ret < size)) { +- ret = ret < 0 ? ret : -ENODATA; +- + netdev_warn(dev->net, + "Failed to read(0x%x) reg index 0x%04x: %d\n", + cmd, index, ret); ++ ++ ret = ret < 0 ? ret : -ENODATA; + } + + return ret; +@@ -50,11 +50,11 @@ static int aqc111_read_cmd(struct usbnet + USB_RECIP_DEVICE, value, index, data, size); + + if (unlikely(ret < size)) { +- ret = ret < 0 ? ret : -ENODATA; +- + netdev_warn(dev->net, + "Failed to read(0x%x) reg index 0x%04x: %d\n", + cmd, index, ret); ++ ++ ret = ret < 0 ? ret : -ENODATA; + } + + return ret; diff --git a/queue-6.1/serial-sh-sci-increment-the-runtime-usage-counter-fo.patch b/queue-6.1/serial-sh-sci-increment-the-runtime-usage-counter-fo.patch deleted file mode 100644 index 99639c3d7a..0000000000 --- a/queue-6.1/serial-sh-sci-increment-the-runtime-usage-counter-fo.patch +++ /dev/null @@ -1,92 +0,0 @@ -From dbbc48bd7d79961bab151022cd43e54b890140c3 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 11 Jun 2025 08:05:17 +0300 -Subject: serial: sh-sci: Increment the runtime usage counter for the earlycon - device - -From: Claudiu Beznea - -commit 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f upstream. - -In the sh-sci driver, serial ports are mapped to the sci_ports[] array, -with earlycon mapped at index zero. - -The uart_add_one_port() function eventually calls __device_attach(), -which, in turn, calls pm_request_idle(). The identified code path is as -follows: - -uart_add_one_port() -> - serial_ctrl_register_port() -> - serial_core_register_port() -> - serial_core_port_device_add() -> - serial_base_port_add() -> - device_add() -> - bus_probe_device() -> - device_initial_probe() -> - __device_attach() -> - // ... - if (dev->p->dead) { - // ... - } else if (dev->driver) { - // ... - } else { - // ... - pm_request_idle(dev); - // ... - } - -The earlycon device clocks are enabled by the bootloader. However, the -pm_request_idle() call in __device_attach() disables the SCI port clocks -while earlycon is still active. - -The earlycon write function, serial_console_write(), calls -sci_poll_put_char() via serial_console_putchar(). If the SCI port clocks -are disabled, writing to earlycon may sometimes cause the SR.TDFE bit to -remain unset indefinitely, causing the while loop in sci_poll_put_char() -to never exit. On single-core SoCs, this can result in the system being -blocked during boot when this issue occurs. - -To resolve this, increment the runtime PM usage counter for the earlycon -SCI device before registering the UART port. - -Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") -Cc: stable@vger.kernel.org -Signed-off-by: Claudiu Beznea -Link: https://lore.kernel.org/r/20250116182249.3828577-6-claudiu.beznea.uj@bp.renesas.com -Signed-off-by: Greg Kroah-Hartman -Signed-off-by: Claudiu Beznea -Signed-off-by: Sasha Levin ---- - drivers/tty/serial/sh-sci.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c -index cd724fc284700..f5c0ec4ea08fc 100644 ---- a/drivers/tty/serial/sh-sci.c -+++ b/drivers/tty/serial/sh-sci.c -@@ -3351,6 +3351,22 @@ static int sci_probe_single(struct platform_device *dev, - } - - if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { -+ /* -+ * In case: -+ * - this is the earlycon port (mapped on index 0 in sci_ports[]) and -+ * - it now maps to an alias other than zero and -+ * - the earlycon is still alive (e.g., "earlycon keep_bootcon" is -+ * available in bootargs) -+ * -+ * we need to avoid disabling clocks and PM domains through the runtime -+ * PM APIs called in __device_attach(). For this, increment the runtime -+ * PM reference counter (the clocks and PM domains were already enabled -+ * by the bootloader). Otherwise the earlycon may access the HW when it -+ * has no clocks enabled leading to failures (infinite loop in -+ * sci_poll_put_char()). -+ */ -+ pm_runtime_get_noresume(&dev->dev); -+ - /* - * Skip cleanup the sci_port[0] in early_console_exit(), this - * port is the same as the earlycon one. --- -2.39.5 - diff --git a/queue-6.1/series b/queue-6.1/series index 4d7c3d9afe..7e283f76a9 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -229,7 +229,6 @@ arm64-dts-ti-k3-am65-main-add-missing-taps-to-sdhci0.patch serial-sh-sci-check-if-tx-data-was-written-to-device.patch serial-sh-sci-move-runtime-pm-enable-to-sci_probe_si.patch serial-sh-sci-clean-sci_ports-0-after-at-earlycon-ex.patch -serial-sh-sci-increment-the-runtime-usage-counter-fo.patch scsi-core-ufs-fix-a-hang-in-the-error-handler.patch bluetooth-hci_core-fix-list_for_each_entry_rcu-usage.patch bluetooth-mgmt-fix-uaf-on-mgmt_remove_adv_monitor_co.patch @@ -291,3 +290,8 @@ usb-flush-altsetting-0-endpoints-before-reinitializating-them-after-reset.patch usb-typec-tcpm-tcpci_maxim-fix-bounds-check-in-process_rx.patch xen-arm-call-uaccess_ttbr0_enable-for-dm_op-hypercall.patch x86-iopl-cure-tif_io_bitmap-inconsistencies.patch +calipso-unlock-rcu-before-returning-eafnosupport.patch +net-usb-aqc111-debug-info-before-sanitation.patch +drm-meson-use-1000ull-when-operating-with-mode-clock.patch +kbuild-userprogs-fix-bitsize-and-target-detection-on-clang.patch +kbuild-hdrcheck-fix-cross-build-with-clang.patch