From: Greg Kroah-Hartman Date: Sun, 7 Sep 2025 16:21:44 +0000 (+0200) Subject: 6.16-stable patches X-Git-Tag: v5.4.299~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a70f52c502bfcfa0d3af9e9cdea95bfe5ed61e7f;p=thirdparty%2Fkernel%2Fstable-queue.git 6.16-stable patches added patches: acpi-risc-v-fix-ffh_cppc_csr-error-handling.patch riscv-bpf-use-lw-when-reading-int-cpu-in-bpf_get_smp_processor_id.patch riscv-bpf-use-lw-when-reading-int-cpu-in-bpf_mov64_percpu_reg.patch riscv-fix-sparse-warning-about-different-address-spaces.patch riscv-fix-sparse-warning-in-__get_user_error.patch riscv-kexec-initialize-kexec_buf-struct.patch riscv-only-allow-lto-with-cmodel_medany.patch riscv-uaccess-fix-__put_user_nocheck-for-unaligned-accesses.patch riscv-use-lw-when-reading-int-cpu-in-asm_per_cpu.patch riscv-use-lw-when-reading-int-cpu-in-new_vmalloc_check.patch --- diff --git a/queue-6.16/acpi-risc-v-fix-ffh_cppc_csr-error-handling.patch b/queue-6.16/acpi-risc-v-fix-ffh_cppc_csr-error-handling.patch new file mode 100644 index 0000000000..25bf281ece --- /dev/null +++ b/queue-6.16/acpi-risc-v-fix-ffh_cppc_csr-error-handling.patch 
@@ -0,0 +1,48 @@ +From 5b3706597b90a7b6c9ae148edd07a43531dcd49e Mon Sep 17 00:00:00 2001 +From: Anup Patel +Date: Mon, 18 Aug 2025 20:05:59 +0530 +Subject: ACPI: RISC-V: Fix FFH_CPPC_CSR error handling + +From: Anup Patel + +commit 5b3706597b90a7b6c9ae148edd07a43531dcd49e upstream. + +The cppc_ffh_csr_read() and cppc_ffh_csr_write() returns Linux error +code in "data->ret.error" so cpc_read_ffh() and cpc_write_ffh() must +not use sbi_err_map_linux_errno() for FFH_CPPC_CSR. + +Fixes: 30f3ffbee86b ("ACPI: RISC-V: Add CPPC driver") +Signed-off-by: Anup Patel +Reviewed-by: Andrew Jones +Reviewed-by: Troy Mitchell +Reviewed-by: Sunil V L +Reviewed-by: Nutty Liu +Reviewed-by: Atish Patra +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20250818143600.894385-2-apatel@ventanamicro.com +Signed-off-by: Paul Walmsley +Signed-off-by: Greg Kroah-Hartman +--- + drivers/acpi/riscv/cppc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/acpi/riscv/cppc.c ++++ b/drivers/acpi/riscv/cppc.c +@@ -119,7 +119,7 @@ int cpc_read_ffh(int cpu, struct cpc_reg + + *val = data.ret.value; + +- return (data.ret.error) ? sbi_err_map_linux_errno(data.ret.error) : 0; ++ return data.ret.error; + } + + return -EINVAL; +@@ -148,7 +148,7 @@ int cpc_write_ffh(int cpu, struct cpc_re + + smp_call_function_single(cpu, cppc_ffh_csr_write, &data, 1); + +- return (data.ret.error) ? sbi_err_map_linux_errno(data.ret.error) : 0; ++ return data.ret.error; + } + + return -EINVAL; diff --git a/queue-6.16/riscv-bpf-use-lw-when-reading-int-cpu-in-bpf_get_smp_processor_id.patch b/queue-6.16/riscv-bpf-use-lw-when-reading-int-cpu-in-bpf_get_smp_processor_id.patch new file mode 100644 index 0000000000..b443e6b839 --- /dev/null +++ b/queue-6.16/riscv-bpf-use-lw-when-reading-int-cpu-in-bpf_get_smp_processor_id.patch 
@@ -0,0 +1,38 @@ +From 8a16586fa7b8a01360890d284896b90c217dca44 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= +Date: Tue, 12 Aug 2025 11:02:56 +0200 +Subject: riscv, bpf: use lw when reading int cpu in bpf_get_smp_processor_id +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Radim Krčmář + +commit 8a16586fa7b8a01360890d284896b90c217dca44 upstream. + +emit_ld is wrong, because thread_info.cpu is 32-bit, not xlen-bit wide. +The struct currently has a hole after cpu, so little endian accesses +seemed fine. + +Fixes: 2ddec2c80b44 ("riscv, bpf: inline bpf_get_smp_processor_id()") +Cc: stable@vger.kernel.org +Signed-off-by: Radim Krčmář +Reviewed-by: Pu Lehui +Link: https://lore.kernel.org/r/20250812090256.757273-4-rkrcmar@ventanamicro.com +Signed-off-by: Paul Walmsley +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/net/bpf_jit_comp64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/riscv/net/bpf_jit_comp64.c ++++ b/arch/riscv/net/bpf_jit_comp64.c +@@ -1763,7 +1763,7 @@ int bpf_jit_emit_insn(const struct bpf_i + */ + if (insn->src_reg == 0 && insn->imm == BPF_FUNC_get_smp_processor_id) { + /* Load current CPU number in R0 */ +- emit_ld(bpf_to_rv_reg(BPF_REG_0, ctx), offsetof(struct thread_info, cpu), ++ emit_lw(bpf_to_rv_reg(BPF_REG_0, ctx), offsetof(struct thread_info, cpu), + RV_REG_TP, ctx); + break; + } diff --git a/queue-6.16/riscv-bpf-use-lw-when-reading-int-cpu-in-bpf_mov64_percpu_reg.patch b/queue-6.16/riscv-bpf-use-lw-when-reading-int-cpu-in-bpf_mov64_percpu_reg.patch new file mode 100644 index 0000000000..6d3e107dd3 --- /dev/null +++ b/queue-6.16/riscv-bpf-use-lw-when-reading-int-cpu-in-bpf_mov64_percpu_reg.patch 
@@ -0,0 +1,41 @@ +From ad5348c765914766a98ad26cf7a8c28d51a16bdd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= +Date: Tue, 12 Aug 2025 11:02:55 +0200 +Subject: riscv, bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Radim Krčmář + +commit ad5348c765914766a98ad26cf7a8c28d51a16bdd upstream. + +emit_ld is wrong, because thread_info.cpu is 32-bit, not xlen-bit wide. +The struct currently has a hole after cpu, so little endian accesses +seemed fine. + +Fixes: 19c56d4e5be1 ("riscv, bpf: add internal-only MOV instruction to resolve per-CPU addrs") +Cc: stable@vger.kernel.org +Signed-off-by: Radim Krčmář +Reviewed-by: Pu Lehui +Acked-by: Björn Töpel +Tested-by: Björn Töpel # QEMU +Reviewed-by: Alexandre Ghiti +Link: https://lore.kernel.org/r/20250812090256.757273-3-rkrcmar@ventanamicro.com +Signed-off-by: Paul Walmsley +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/net/bpf_jit_comp64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/riscv/net/bpf_jit_comp64.c ++++ b/arch/riscv/net/bpf_jit_comp64.c +@@ -1356,7 +1356,7 @@ int bpf_jit_emit_insn(const struct bpf_i + emit_mv(rd, rs, ctx); + #ifdef CONFIG_SMP + /* Load current CPU number in T1 */ +- emit_ld(RV_REG_T1, offsetof(struct thread_info, cpu), ++ emit_lw(RV_REG_T1, offsetof(struct thread_info, cpu), + RV_REG_TP, ctx); + /* Load address of __per_cpu_offset array in T2 */ + emit_addr(RV_REG_T2, (u64)&__per_cpu_offset, extra_pass, ctx); diff --git a/queue-6.16/riscv-fix-sparse-warning-about-different-address-spaces.patch b/queue-6.16/riscv-fix-sparse-warning-about-different-address-spaces.patch new file mode 100644 index 0000000000..a0b85c1cbc --- /dev/null +++ b/queue-6.16/riscv-fix-sparse-warning-about-different-address-spaces.patch 
@@ -0,0 +1,48 @@ +From a03ee11b8f850bd008226c6d392da24163dfb56e Mon Sep 17 00:00:00 2001 +From: Alexandre Ghiti +Date: Wed, 3 Sep 2025 18:53:09 +0000 +Subject: riscv: Fix sparse warning about different address spaces + +From: Alexandre Ghiti + +commit a03ee11b8f850bd008226c6d392da24163dfb56e upstream. + +We did not propagate the __user attribute of the pointers in +__get_kernel_nofault() and __put_kernel_nofault(), which results in +sparse complaining: + +>> mm/maccess.c:41:17: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void const [noderef] __user *from @@ got unsigned long long [usertype] * @@ + mm/maccess.c:41:17: sparse: expected void const [noderef] __user *from + mm/maccess.c:41:17: sparse: got unsigned long long [usertype] * + +So fix this by correctly casting those pointers. + +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-kbuild-all/202508161713.RWu30Lv1-lkp@intel.com/ +Suggested-by: Al Viro +Fixes: f6bff7827a48 ("riscv: uaccess: use 'asm_goto_output' for get_user()") +Cc: stable@vger.kernel.org +Signed-off-by: Alexandre Ghiti +Reviewed-by: Cyril Bur +Link: https://lore.kernel.org/r/20250903-dev-alex-sparse_warnings_v1-v1-2-7e6350beb700@rivosinc.com +Signed-off-by: Paul Walmsley +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/include/asm/uaccess.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/riscv/include/asm/uaccess.h ++++ b/arch/riscv/include/asm/uaccess.h +@@ -438,10 +438,10 @@ unsigned long __must_check clear_user(vo + } + + #define __get_kernel_nofault(dst, src, type, err_label) \ +- __get_user_nocheck(*((type *)(dst)), (type *)(src), err_label) ++ __get_user_nocheck(*((type *)(dst)), (__force __user type *)(src), err_label) + + #define __put_kernel_nofault(dst, src, type, err_label) \ +- __put_user_nocheck(*((type *)(src)), (type *)(dst), err_label) ++ __put_user_nocheck(*((type *)(src)), (__force __user type *)(dst), err_label) + + static __must_check 
__always_inline bool user_access_begin(const void __user *ptr, size_t len) + { diff --git a/queue-6.16/riscv-fix-sparse-warning-in-__get_user_error.patch b/queue-6.16/riscv-fix-sparse-warning-in-__get_user_error.patch new file mode 100644 index 0000000000..c46d66a367 --- /dev/null +++ b/queue-6.16/riscv-fix-sparse-warning-in-__get_user_error.patch @@ -0,0 +1,49 @@ +From fef7ded169ed7e133612f90a032dc2af1ce19bef Mon Sep 17 00:00:00 2001 +From: Alexandre Ghiti +Date: Wed, 3 Sep 2025 18:53:08 +0000 +Subject: riscv: Fix sparse warning in __get_user_error() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Alexandre Ghiti + +commit fef7ded169ed7e133612f90a032dc2af1ce19bef upstream. + +We used to assign 0 to x without an appropriate cast which results in +sparse complaining when x is a pointer: + +>> block/ioctl.c:72:39: sparse: sparse: Using plain integer as NULL pointer + +So fix this by casting 0 to the correct type of x. + +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-kbuild-all/202508062321.gHv4kvuY-lkp@intel.com/ +Fixes: f6bff7827a48 ("riscv: uaccess: use 'asm_goto_output' for get_user()") +Cc: stable@vger.kernel.org +Signed-off-by: Alexandre Ghiti +Reviewed-by: Clément Léger +Reviewed-by: Cyril Bur +Link: https://lore.kernel.org/r/20250903-dev-alex-sparse_warnings_v1-v1-1-7e6350beb700@rivosinc.com +Signed-off-by: Paul Walmsley +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/include/asm/uaccess.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/riscv/include/asm/uaccess.h b/arch/riscv/include/asm/uaccess.h +index 22e3f52a763d..551e7490737e 100644 +--- a/arch/riscv/include/asm/uaccess.h ++++ b/arch/riscv/include/asm/uaccess.h +@@ -209,7 +209,7 @@ do { \ + err = 0; \ + break; \ + __gu_failed: \ +- x = 0; \ ++ x = (__typeof__(x))0; \ + err = -EFAULT; \ + } while (0) + +-- +2.51.0 + 
diff --git a/queue-6.16/riscv-kexec-initialize-kexec_buf-struct.patch b/queue-6.16/riscv-kexec-initialize-kexec_buf-struct.patch new file mode 100644 index 0000000000..59abc747d8 --- /dev/null +++ b/queue-6.16/riscv-kexec-initialize-kexec_buf-struct.patch 
@@ -0,0 +1,88 @@ +From 95c54cd9c769a198118772e196adfaa1f002e365 Mon Sep 17 00:00:00 2001 +From: Breno Leitao +Date: Wed, 27 Aug 2025 03:42:22 -0700 +Subject: riscv: kexec: Initialize kexec_buf struct + +From: Breno Leitao + +commit 95c54cd9c769a198118772e196adfaa1f002e365 upstream. + +The kexec_buf structure was previously declared without initialization. +commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly") +added a field that is always read but not consistently populated by all +architectures. This un-initialized field will contain garbage. + +This is also triggering a UBSAN warning when the uninitialized data was +accessed: + + ------------[ cut here ]------------ + UBSAN: invalid-load in ./include/linux/kexec.h:210:10 + load of value 252 is not a valid value for type '_Bool' + +Zero-initializing kexec_buf at declaration ensures all fields are +cleanly set, preventing future instances of uninitialized memory being +used. + +Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly") +Signed-off-by: Breno Leitao +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20250827-kbuf_all-v1-2-1df9882bb01a@debian.org +Signed-off-by: Paul Walmsley +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/kernel/kexec_elf.c | 4 ++-- + arch/riscv/kernel/kexec_image.c | 2 +- + arch/riscv/kernel/machine_kexec_file.c | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/arch/riscv/kernel/kexec_elf.c b/arch/riscv/kernel/kexec_elf.c +index 56444c7bd34e..531d348db84d 100644 +--- a/arch/riscv/kernel/kexec_elf.c ++++ b/arch/riscv/kernel/kexec_elf.c +@@ -28,7 +28,7 @@ static int riscv_kexec_elf_load(struct kimage *image, struct elfhdr *ehdr, + int i; + int ret = 0; + size_t size; +- struct kexec_buf kbuf; ++ struct kexec_buf kbuf = {}; + const struct elf_phdr *phdr; + + kbuf.image = image; +@@ -66,7 +66,7 @@ static int elf_find_pbase(struct kimage *image, unsigned long kernel_len, + { + int i; + int ret; +- struct kexec_buf kbuf; ++ 
struct kexec_buf kbuf = {}; + const struct elf_phdr *phdr; + unsigned long lowest_paddr = ULONG_MAX; + unsigned long lowest_vaddr = ULONG_MAX; +diff --git a/arch/riscv/kernel/kexec_image.c b/arch/riscv/kernel/kexec_image.c +index 26a81774a78a..8f2eb900910b 100644 +--- a/arch/riscv/kernel/kexec_image.c ++++ b/arch/riscv/kernel/kexec_image.c +@@ -41,7 +41,7 @@ static void *image_load(struct kimage *image, + struct riscv_image_header *h; + u64 flags; + bool be_image, be_kernel; +- struct kexec_buf kbuf; ++ struct kexec_buf kbuf = {}; + int ret; + + /* Check Image header */ +diff --git a/arch/riscv/kernel/machine_kexec_file.c b/arch/riscv/kernel/machine_kexec_file.c +index e36104af2e24..b9eb41b0a975 100644 +--- a/arch/riscv/kernel/machine_kexec_file.c ++++ b/arch/riscv/kernel/machine_kexec_file.c +@@ -261,7 +261,7 @@ int load_extra_segments(struct kimage *image, unsigned long kernel_start, + int ret; + void *fdt; + unsigned long initrd_pbase = 0UL; +- struct kexec_buf kbuf; ++ struct kexec_buf kbuf = {}; + char *modified_cmdline = NULL; + + kbuf.image = image; +-- +2.51.0 + diff --git a/queue-6.16/riscv-only-allow-lto-with-cmodel_medany.patch b/queue-6.16/riscv-only-allow-lto-with-cmodel_medany.patch new file mode 100644 index 0000000000..9887dfa3b5 --- /dev/null +++ b/queue-6.16/riscv-only-allow-lto-with-cmodel_medany.patch 
@@ -0,0 +1,46 @@ +From 41f9049cff324b7033e6ed1ded7dfff803cf550a Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Thu, 10 Jul 2025 13:25:26 -0700 +Subject: riscv: Only allow LTO with CMODEL_MEDANY + +From: Nathan Chancellor + +commit 41f9049cff324b7033e6ed1ded7dfff803cf550a upstream. + +When building with CONFIG_CMODEL_MEDLOW and CONFIG_LTO_CLANG, there is a +series of errors due to some files being unconditionally compiled with +'-mcmodel=medany', mismatching with the rest of the kernel built with +'-mcmodel=medlow': + + ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values: 'i32 3' from vmlinux.a(init.o at 899908), and 'i32 1' from vmlinux.a(net-traces.o at 1014628) + +Only allow LTO to be performed when CONFIG_CMODEL_MEDANY is enabled to +ensure there will be no code model mismatch errors. An alternative +solution would be disabling LTO for the files with a different code +model than the main kernel like some specialized areas of the kernel do +but doing that for individual files is not as sustainable than +forbidding the combination altogether. 
+ +Cc: stable@vger.kernel.org +Fixes: 021d23428bdb ("RISC-V: build: Allow LTO to be selected") +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-kbuild-all/202506290255.KBVM83vZ-lkp@intel.com/ +Signed-off-by: Nathan Chancellor +Link: https://lore.kernel.org/r/20250710-riscv-restrict-lto-to-medany-v1-1-b1dac9871ecf@kernel.org +Signed-off-by: Paul Walmsley +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/riscv/Kconfig ++++ b/arch/riscv/Kconfig +@@ -69,7 +69,7 @@ config RISCV + select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE + select ARCH_SUPPORTS_HUGETLBFS if MMU + # LLD >= 14: https://github.com/llvm/llvm-project/issues/50505 +- select ARCH_SUPPORTS_LTO_CLANG if LLD_VERSION >= 140000 ++ select ARCH_SUPPORTS_LTO_CLANG if LLD_VERSION >= 140000 && CMODEL_MEDANY + select ARCH_SUPPORTS_LTO_CLANG_THIN if LLD_VERSION >= 140000 + select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS if 64BIT && MMU + select ARCH_SUPPORTS_PAGE_TABLE_CHECK if MMU diff --git a/queue-6.16/riscv-uaccess-fix-__put_user_nocheck-for-unaligned-accesses.patch b/queue-6.16/riscv-uaccess-fix-__put_user_nocheck-for-unaligned-accesses.patch new file mode 100644 index 0000000000..606d29aec8 --- /dev/null +++ b/queue-6.16/riscv-uaccess-fix-__put_user_nocheck-for-unaligned-accesses.patch 
@@ -0,0 +1,45 @@ +From 1046791390af6703a5e24718a16f37974adb11db Mon Sep 17 00:00:00 2001 +From: Aurelien Jarno +Date: Fri, 25 Jul 2025 00:08:52 +0200 +Subject: riscv: uaccess: fix __put_user_nocheck for unaligned accesses + +From: Aurelien Jarno + +commit 1046791390af6703a5e24718a16f37974adb11db upstream. + +The type of the value to write should be determined by the size of the +destination, not by the value itself, which may be a constant. This +aligns the behavior with x86_64, where __typeof__(*(__gu_ptr)) is used +to infer the correct type. + +This fixes an issue in put_cmsg, which was only writing 4 out of 8 +bytes to the cmsg_len field, causing the glibc tst-socket-timestamp test +to fail. + +Fixes: ca1a66cdd685 ("riscv: uaccess: do not do misaligned accesses in get/put_user()") +Signed-off-by: Aurelien Jarno +Reviewed-by: Alexandre Ghiti +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20250724220853.1969954-1-aurelien@aurel32.net +Signed-off-by: Paul Walmsley +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/include/asm/uaccess.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/riscv/include/asm/uaccess.h b/arch/riscv/include/asm/uaccess.h +index b88a6218b7f2..22e3f52a763d 100644 +--- a/arch/riscv/include/asm/uaccess.h ++++ b/arch/riscv/include/asm/uaccess.h +@@ -311,7 +311,7 @@ do { \ + do { \ + if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && \ + !IS_ALIGNED((uintptr_t)__gu_ptr, sizeof(*__gu_ptr))) { \ +- __inttype(x) ___val = (__inttype(x))x; \ ++ __typeof__(*(__gu_ptr)) ___val = (x); \ + if (__asm_copy_to_user_sum_enabled(__gu_ptr, &(___val), sizeof(*__gu_ptr))) \ + goto label; \ + break; \ +-- +2.51.0 + diff --git a/queue-6.16/riscv-use-lw-when-reading-int-cpu-in-asm_per_cpu.patch b/queue-6.16/riscv-use-lw-when-reading-int-cpu-in-asm_per_cpu.patch new file mode 100644 index 0000000000..29cde3e846 --- /dev/null +++ b/queue-6.16/riscv-use-lw-when-reading-int-cpu-in-asm_per_cpu.patch 
@@ -0,0 +1,38 @@ +From f4ea67a722e8c9e1fb8109adebb9fb881ff0793a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= +Date: Fri, 25 Jul 2025 18:54:10 +0200 +Subject: riscv: use lw when reading int cpu in asm_per_cpu +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Radim Krčmář + +commit f4ea67a722e8c9e1fb8109adebb9fb881ff0793a upstream. + +REG_L is wrong, because thread_info.cpu is 32-bit, not xlen-bit wide. +The struct currently has a hole after cpu, so little endian accesses +seemed fine. + +Fixes: be97d0db5f44 ("riscv: VMAP_STACK overflow detection thread-safe") +Cc: stable@vger.kernel.org +Reviewed-by: Alexandre Ghiti +Signed-off-by: Radim Krčmář +Link: https://lore.kernel.org/r/20250725165410.2896641-5-rkrcmar@ventanamicro.com +Signed-off-by: Paul Walmsley +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/include/asm/asm.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/riscv/include/asm/asm.h ++++ b/arch/riscv/include/asm/asm.h +@@ -91,7 +91,7 @@ + #endif + + .macro asm_per_cpu dst sym tmp +- REG_L \tmp, TASK_TI_CPU_NUM(tp) ++ lw \tmp, TASK_TI_CPU_NUM(tp) + slli \tmp, \tmp, PER_CPU_OFFSET_SHIFT + la \dst, __per_cpu_offset + add \dst, \dst, \tmp diff --git a/queue-6.16/riscv-use-lw-when-reading-int-cpu-in-new_vmalloc_check.patch b/queue-6.16/riscv-use-lw-when-reading-int-cpu-in-new_vmalloc_check.patch new file mode 100644 index 0000000000..4a3a2de456 --- /dev/null +++ b/queue-6.16/riscv-use-lw-when-reading-int-cpu-in-new_vmalloc_check.patch 
@@ -0,0 +1,38 @@ +From e108c8a94f3f958c877f6ec7a6052a893ae4aa98 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= +Date: Fri, 25 Jul 2025 18:54:09 +0200 +Subject: riscv: use lw when reading int cpu in new_vmalloc_check +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Radim Krčmář + +commit e108c8a94f3f958c877f6ec7a6052a893ae4aa98 upstream. + +REG_L is wrong, because thread_info.cpu is 32-bit, not xlen-bit wide. +The struct currently has a hole after cpu, so little endian accesses +seemed fine. + +Fixes: 503638e0babf ("riscv: Stop emitting preventive sfence.vma for new vmalloc mappings") +Cc: stable@vger.kernel.org +Reviewed-by: Alexandre Ghiti +Signed-off-by: Radim Krčmář +Link: https://lore.kernel.org/r/20250725165410.2896641-4-rkrcmar@ventanamicro.com +Signed-off-by: Paul Walmsley +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/kernel/entry.S | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/riscv/kernel/entry.S ++++ b/arch/riscv/kernel/entry.S +@@ -46,7 +46,7 @@ + * a0 = &new_vmalloc[BIT_WORD(cpu)] + * a1 = BIT_MASK(cpu) + */ +- REG_L a2, TASK_TI_CPU(tp) ++ lw a2, TASK_TI_CPU(tp) + /* + * Compute the new_vmalloc element position: + * (cpu / 64) * 8 = (cpu >> 6) << 3 diff --git a/queue-6.16/series b/queue-6.16/series index 421861ff13..1254926532 100644 --- a/queue-6.16/series +++ b/queue-6.16/series 
@@ -170,3 +170,13 @@ tools-gpio-remove-the-include-directory-on-make-clea.patch md-raid1-fix-data-lost-for-writemostly-rdev.patch md-prevent-incorrect-update-of-resync-recovery-offse.patch drm-i915-gem-allow-exec_capture-on-recoverable-conte.patch +acpi-risc-v-fix-ffh_cppc_csr-error-handling.patch +riscv-only-allow-lto-with-cmodel_medany.patch +riscv-uaccess-fix-__put_user_nocheck-for-unaligned-accesses.patch +riscv-use-lw-when-reading-int-cpu-in-new_vmalloc_check.patch +riscv-use-lw-when-reading-int-cpu-in-asm_per_cpu.patch +riscv-bpf-use-lw-when-reading-int-cpu-in-bpf_mov64_percpu_reg.patch +riscv-bpf-use-lw-when-reading-int-cpu-in-bpf_get_smp_processor_id.patch +riscv-kexec-initialize-kexec_buf-struct.patch +riscv-fix-sparse-warning-in-__get_user_error.patch +riscv-fix-sparse-warning-about-different-address-spaces.patch
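Review bot: In the cpc_read_ffh() hunk of drivers/acpi/riscv/cppc.c, `*val = data.ret.value;` is still stored unconditionally before `return data.ret.error;`, so a caller gets *val written even when the CSR read failed. Consider assigning *val only when data.ret.error is 0, or documenting that *val is undefined on a non-zero return. The read hunk's context also does not show which branch the changed return sits in (the write hunk shows the cppc_ffh_csr_write call, the read hunk shows no call), and the commit message limits the change to FFH_CPPC_CSR, so it is worth confirming that the SBI path still goes through sbi_err_map_linux_errno().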
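Review bot: Nothing at either emit_lw() call site in arch/riscv/net/bpf_jit_comp64.c (the BPF_FUNC_get_smp_processor_id case and the CONFIG_SMP path that loads the CPU number into T1) records that the load width is tied to thread_info.cpu being 32 bits. A build-time check next to one of them, for example BUILD_BUG_ON(sizeof_field(struct thread_info, cpu) != 4), or a word in the existing "Load current CPU number" comments, would make a later change of the field's type fail at build time instead of repeating the over-wide load the commit messages describe as having "seemed fine" only because of the hole after cpu.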
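Review bot: The `(__force __user type *)` casts added to __get_kernel_nofault() and __put_kernel_nofault() in arch/riscv/include/asm/uaccess.h carry no comment, and a __force cast is what switches off sparse's address-space check for these arguments. A short comment above the two macros stating that src and dst are kernel pointers deliberately handed to the __user-typed __get_user_nocheck() and __put_user_nocheck() helpers would explain why the annotation is safe here and discourage copying the cast to call sites where the pointer really comes from user space.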
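Review bot: The message for the `struct kexec_buf kbuf = {};` changes (kexec_elf.c, kexec_image.c, machine_kexec_file.c) never names the field that was read uninitialized; it only says bf454ec31add "added a field" and quotes a UBSAN invalid-load of a _Bool at include/linux/kexec.h:210. Naming the field would let someone carrying this to another tree check whether the field exists there. The four hunks convert four declarations; a note confirming these are all the on-stack kexec_buf instances under arch/riscv/kernel would also help, since any one left out keeps the same uninitialized read.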
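Review bot: In the arch/riscv/Kconfig hunk the new `&& CMODEL_MEDANY` condition is added to `select ARCH_SUPPORTS_LTO_CLANG` only, while the next context line, `select ARCH_SUPPORTS_LTO_CLANG_THIN if LLD_VERSION >= 140000`, keeps the LLD version test alone. Please confirm that ThinLTO cannot be enabled with CMODEL_MEDLOW through that second select (for instance because the thin option also requires ARCH_SUPPORTS_LTO_CLANG), or add the same condition there. The comment above the select still mentions only the LLD >= 14 requirement; a second line giving the code-model reason would keep the condition from being dropped later as unexplained.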
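Review bot: In the unaligned branch of __put_user_nocheck() (arch/riscv/include/asm/uaccess.h), the correctness of the new `__typeof__(*(__gu_ptr)) ___val = (x);` depends on ___val having exactly the size that the following __asm_copy_to_user_sum_enabled() call copies, sizeof(*__gu_ptr), and that link is not stated anywhere in the macro. A one-line comment saying the temporary must have the destination's type because the copy length is taken from the destination would guard against a return to a value-derived type, which is what produced the 4-of-8-byte write to cmsg_len described in the commit message. The explicit cast of x is also gone, so the initialisation now relies on implicit conversion; worth a build with sparse and W=1 to see whether any caller passing a differently typed x starts to warn.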
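Review bot: The two assembly fixes load what both commit messages call thread_info.cpu through differently named offsets: `lw \tmp, TASK_TI_CPU_NUM(tp)` in the asm_per_cpu macro (arch/riscv/include/asm/asm.h) and `lw a2, TASK_TI_CPU(tp)` in arch/riscv/kernel/entry.S. If both symbols resolve to the same field, using one name would make it easier to find every load of it the next time its width matters; if they differ, the messages should say so. A short comment at each `lw` noting that the field is a 32-bit int, unlike the xlen-wide REG_L loads around it, would also keep the instruction from being "normalised" back to REG_L.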