From: Greg Kroah-Hartman Date: Tue, 4 Mar 2025 16:54:04 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v6.6.81~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a98865e9feceffbaca24c008ca7cced6aa53b224;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: ftrace-avoid-potential-division-by-zero-in-function_stat_show.patch perf-core-fix-low-freq-setting-via-ioc_period.patch phy-exynos5-usbdrd-fix-mpll_multiplier-and-ssc_refclksel-masks-in-refclk.patch phy-tegra-xusb-reset-vbus-id-override.patch sched-core-prevent-rescheduling-when-interrupts-are-disabled.patch usbnet-gl620a-fix-endpoint-checking-in-genelink_bind.patch --- diff --git a/queue-5.4/ftrace-avoid-potential-division-by-zero-in-function_stat_show.patch b/queue-5.4/ftrace-avoid-potential-division-by-zero-in-function_stat_show.patch new file mode 100644 index 0000000000..382d56d71f --- /dev/null +++ b/queue-5.4/ftrace-avoid-potential-division-by-zero-in-function_stat_show.patch @@ -0,0 +1,73 @@ +From a1a7eb89ca0b89dc1c326eeee2596f263291aca3 Mon Sep 17 00:00:00 2001 +From: Nikolay Kuratov +Date: Thu, 6 Feb 2025 12:01:56 +0300 +Subject: ftrace: Avoid potential division by zero in function_stat_show() + +From: Nikolay Kuratov + +commit a1a7eb89ca0b89dc1c326eeee2596f263291aca3 upstream. + +Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} +produce zero and skip stddev computation in that case. + +For now don't care about rec->counter * rec->counter overflow because +rec->time * rec->time overflow will likely happen earlier. + +Cc: stable@vger.kernel.org +Cc: Wen Yang +Cc: Mark Rutland +Cc: Mathieu Desnoyers +Link: https://lore.kernel.org/20250206090156.1561783-1-kniv@yandex-team.ru +Fixes: e31f7939c1c27 ("ftrace: Avoid potential division by zero in function profiler") +Signed-off-by: Nikolay Kuratov +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/ftrace.c | 27 ++++++++++++--------------- + 1 file changed, 12 insertions(+), 15 deletions(-) + +--- a/kernel/trace/ftrace.c ++++ b/kernel/trace/ftrace.c +@@ -514,6 +514,7 @@ static int function_stat_show(struct seq + static struct trace_seq s; + unsigned long long avg; + unsigned long long stddev; ++ unsigned long long stddev_denom; + #endif + mutex_lock(&ftrace_profile_lock); + +@@ -535,23 +536,19 @@ static int function_stat_show(struct seq + #ifdef CONFIG_FUNCTION_GRAPH_TRACER + seq_puts(m, " "); + +- /* Sample standard deviation (s^2) */ +- if (rec->counter <= 1) +- stddev = 0; +- else { +- /* +- * Apply Welford's method: +- * s^2 = 1 / (n * (n-1)) * (n * \Sum (x_i)^2 - (\Sum x_i)^2) +- */ ++ /* ++ * Variance formula: ++ * s^2 = 1 / (n * (n-1)) * (n * \Sum (x_i)^2 - (\Sum x_i)^2) ++ * Maybe Welford's method is better here? ++ * Divide only by 1000 for ns^2 -> us^2 conversion. ++ * trace_print_graph_duration will divide by 1000 again. ++ */ ++ stddev = 0; ++ stddev_denom = rec->counter * (rec->counter - 1) * 1000; ++ if (stddev_denom) { + stddev = rec->counter * rec->time_squared - + rec->time * rec->time; +- +- /* +- * Divide only 1000 for ns^2 -> us^2 conversion. +- * trace_print_graph_duration will divide 1000 again. +- */ +- stddev = div64_ul(stddev, +- rec->counter * (rec->counter - 1) * 1000); ++ stddev = div64_ul(stddev, stddev_denom); + } + + trace_seq_init(&s); diff --git a/queue-5.4/perf-core-fix-low-freq-setting-via-ioc_period.patch b/queue-5.4/perf-core-fix-low-freq-setting-via-ioc_period.patch new file mode 100644 index 0000000000..73ca13b3d3 --- /dev/null +++ b/queue-5.4/perf-core-fix-low-freq-setting-via-ioc_period.patch @@ -0,0 +1,59 @@ +From 0d39844150546fa1415127c5fbae26db64070dd3 Mon Sep 17 00:00:00 2001 +From: Kan Liang +Date: Fri, 17 Jan 2025 07:19:12 -0800 +Subject: perf/core: Fix low freq setting via IOC_PERIOD + +From: Kan Liang + +commit 0d39844150546fa1415127c5fbae26db64070dd3 upstream. + +A low attr::freq value cannot be set via IOC_PERIOD on some platforms. + +The perf_event_check_period() introduced in: + + 81ec3f3c4c4d ("perf/x86: Add check_period PMU callback") + +was intended to check the period, rather than the frequency. +A low frequency may be mistakenly rejected by limit_period(). + +Fix it. + +Fixes: 81ec3f3c4c4d ("perf/x86: Add check_period PMU callback") +Signed-off-by: Kan Liang +Signed-off-by: Ingo Molnar +Reviewed-by: Ravi Bangoria +Cc: Peter Zijlstra +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20250117151913.3043942-2-kan.liang@linux.intel.com +Closes: https://lore.kernel.org/lkml/20250115154949.3147-1-ravi.bangoria@amd.com/ +Signed-off-by: Greg Kroah-Hartman +--- + kernel/events/core.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -5217,14 +5217,15 @@ static int perf_event_period(struct perf + if (!value) + return -EINVAL; + +- if (event->attr.freq && value > sysctl_perf_event_sample_rate) +- return -EINVAL; +- +- if (perf_event_check_period(event, value)) +- return -EINVAL; +- +- if (!event->attr.freq && (value & (1ULL << 63))) +- return -EINVAL; ++ if (event->attr.freq) { ++ if (value > sysctl_perf_event_sample_rate) ++ return -EINVAL; ++ } else { ++ if (perf_event_check_period(event, value)) ++ return -EINVAL; ++ if (value & (1ULL << 63)) ++ return -EINVAL; ++ } + + event_function_call(event, __perf_event_period, &value); + diff --git a/queue-5.4/phy-exynos5-usbdrd-fix-mpll_multiplier-and-ssc_refclksel-masks-in-refclk.patch b/queue-5.4/phy-exynos5-usbdrd-fix-mpll_multiplier-and-ssc_refclksel-masks-in-refclk.patch new file mode 100644 index 0000000000..0bda322aa2 --- /dev/null +++ b/queue-5.4/phy-exynos5-usbdrd-fix-mpll_multiplier-and-ssc_refclksel-masks-in-refclk.patch @@ -0,0 +1,53 @@ +From e2158c953c973adb49383ddea2504faf08d375b7 Mon Sep 17 00:00:00 2001 +From: Kaustabh Chakraborty +Date: Sun, 9 Feb 2025 00:29:30 +0530 +Subject: phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk + +From: Kaustabh Chakraborty + +commit e2158c953c973adb49383ddea2504faf08d375b7 upstream. + +In exynos5_usbdrd_{pipe3,utmi}_set_refclk(), the masks +PHYCLKRST_MPLL_MULTIPLIER_MASK and PHYCLKRST_SSC_REFCLKSEL_MASK are not +inverted when applied to the register values. Fix it. + +Cc: stable@vger.kernel.org +Fixes: 59025887fb08 ("phy: Add new Exynos5 USB 3.0 PHY driver") +Signed-off-by: Kaustabh Chakraborty +Reviewed-by: Krzysztof Kozlowski +Reviewed-by: Anand Moon +Link: https://lore.kernel.org/r/20250209-exynos5-usbdrd-masks-v1-1-4f7f83f323d7@disroot.org +Signed-off-by: Vinod Koul +Signed-off-by: Greg Kroah-Hartman +--- + drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/phy/samsung/phy-exynos5-usbdrd.c ++++ b/drivers/phy/samsung/phy-exynos5-usbdrd.c +@@ -287,9 +287,9 @@ exynos5_usbdrd_pipe3_set_refclk(struct p + reg |= PHYCLKRST_REFCLKSEL_EXT_REFCLK; + + /* FSEL settings corresponding to reference clock */ +- reg &= ~PHYCLKRST_FSEL_PIPE_MASK | +- PHYCLKRST_MPLL_MULTIPLIER_MASK | +- PHYCLKRST_SSC_REFCLKSEL_MASK; ++ reg &= ~(PHYCLKRST_FSEL_PIPE_MASK | ++ PHYCLKRST_MPLL_MULTIPLIER_MASK | ++ PHYCLKRST_SSC_REFCLKSEL_MASK); + switch (phy_drd->extrefclk) { + case EXYNOS5_FSEL_50MHZ: + reg |= (PHYCLKRST_MPLL_MULTIPLIER_50M_REF | +@@ -331,9 +331,9 @@ exynos5_usbdrd_utmi_set_refclk(struct ph + reg &= ~PHYCLKRST_REFCLKSEL_MASK; + reg |= PHYCLKRST_REFCLKSEL_EXT_REFCLK; + +- reg &= ~PHYCLKRST_FSEL_UTMI_MASK | +- PHYCLKRST_MPLL_MULTIPLIER_MASK | +- PHYCLKRST_SSC_REFCLKSEL_MASK; ++ reg &= ~(PHYCLKRST_FSEL_UTMI_MASK | ++ PHYCLKRST_MPLL_MULTIPLIER_MASK | ++ PHYCLKRST_SSC_REFCLKSEL_MASK); + reg |= PHYCLKRST_FSEL(phy_drd->extrefclk); + + return reg; diff --git a/queue-5.4/phy-tegra-xusb-reset-vbus-id-override.patch b/queue-5.4/phy-tegra-xusb-reset-vbus-id-override.patch new file mode 100644 index 0000000000..15a33ed29e --- /dev/null +++ b/queue-5.4/phy-tegra-xusb-reset-vbus-id-override.patch @@ -0,0 +1,69 @@ +From 55f1a5f7c97c3c92ba469e16991a09274410ceb7 Mon Sep 17 00:00:00 2001 +From: BH Hsieh +Date: Wed, 22 Jan 2025 18:59:43 +0800 +Subject: phy: tegra: xusb: reset VBUS & ID OVERRIDE + +From: BH Hsieh + +commit 55f1a5f7c97c3c92ba469e16991a09274410ceb7 upstream. + +Observed VBUS_OVERRIDE & ID_OVERRIDE might be programmed +with unexpected value prior to XUSB PADCTL driver, this +could also occur in virtualization scenario. + +For example, UEFI firmware programs ID_OVERRIDE=GROUNDED to set +a type-c port to host mode and keeps the value to kernel. +If the type-c port is connected a usb host, below errors can be +observed right after usb host mode driver gets probed. The errors +would keep until usb role class driver detects the type-c port +as device mode and notifies usb device mode driver to set both +ID_OVERRIDE and VBUS_OVERRIDE to correct value by XUSB PADCTL +driver. + +[ 173.765814] usb usb3-port2: Cannot enable. Maybe the USB cable is bad? +[ 173.765837] usb usb3-port2: config error + +Taking virtualization into account, asserting XUSB PADCTL +reset would break XUSB functions used by other guest OS, +hence only reset VBUS & ID OVERRIDE of the port in +utmi_phy_init. + +Fixes: bbf711682cd5 ("phy: tegra: xusb: Add Tegra186 support") +Cc: stable@vger.kernel.org +Change-Id: Ic63058d4d49b4a1f8f9ab313196e20ad131cc591 +Signed-off-by: BH Hsieh +Signed-off-by: Henry Lin +Link: https://lore.kernel.org/r/20250122105943.8057-1-henryl@nvidia.com +Signed-off-by: Vinod Koul +Signed-off-by: Greg Kroah-Hartman +--- + drivers/phy/tegra/xusb-tegra186.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/drivers/phy/tegra/xusb-tegra186.c ++++ b/drivers/phy/tegra/xusb-tegra186.c +@@ -415,6 +415,7 @@ static int tegra186_utmi_phy_exit(struct + unsigned int index = lane->index; + struct device *dev = padctl->dev; + int err; ++ u32 reg; + + port = tegra_xusb_find_usb2_port(padctl, index); + if (!port) { +@@ -422,6 +423,16 @@ static int tegra186_utmi_phy_exit(struct + return -ENODEV; + } + ++ if (port->mode == USB_DR_MODE_OTG || ++ port->mode == USB_DR_MODE_PERIPHERAL) { ++ /* reset VBUS&ID OVERRIDE */ ++ reg = padctl_readl(padctl, USB2_VBUS_ID); ++ reg &= ~VBUS_OVERRIDE; ++ reg &= ~ID_OVERRIDE(~0); ++ reg |= ID_OVERRIDE_FLOATING; ++ padctl_writel(padctl, reg, USB2_VBUS_ID); ++ } ++ + if (port->supply && port->mode == USB_DR_MODE_HOST) { + err = regulator_disable(port->supply); + if (err) { diff --git a/queue-5.4/sched-core-prevent-rescheduling-when-interrupts-are-disabled.patch b/queue-5.4/sched-core-prevent-rescheduling-when-interrupts-are-disabled.patch new file mode 100644 index 0000000000..8ef6bfd67b --- /dev/null +++ b/queue-5.4/sched-core-prevent-rescheduling-when-interrupts-are-disabled.patch @@ -0,0 +1,85 @@ +From 82c387ef7568c0d96a918a5a78d9cad6256cfa15 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Mon, 16 Dec 2024 14:20:56 +0100 +Subject: sched/core: Prevent rescheduling when interrupts are disabled + +From: Thomas Gleixner + +commit 82c387ef7568c0d96a918a5a78d9cad6256cfa15 upstream. + +David reported a warning observed while loop testing kexec jump: + + Interrupts enabled after irqrouter_resume+0x0/0x50 + WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 + kernel_kexec+0xf6/0x180 + __do_sys_reboot+0x206/0x250 + do_syscall_64+0x95/0x180 + +The corresponding interrupt flag trace: + + hardirqs last enabled at (15573): [] __up_console_sem+0x7e/0x90 + hardirqs last disabled at (15580): [] __up_console_sem+0x63/0x90 + +That means __up_console_sem() was invoked with interrupts enabled. Further +instrumentation revealed that in the interrupt disabled section of kexec +jump one of the syscore_suspend() callbacks woke up a task, which set the +NEED_RESCHED flag. A later callback in the resume path invoked +cond_resched() which in turn led to the invocation of the scheduler: + + __cond_resched+0x21/0x60 + down_timeout+0x18/0x60 + acpi_os_wait_semaphore+0x4c/0x80 + acpi_ut_acquire_mutex+0x3d/0x100 + acpi_ns_get_node+0x27/0x60 + acpi_ns_evaluate+0x1cb/0x2d0 + acpi_rs_set_srs_method_data+0x156/0x190 + acpi_pci_link_set+0x11c/0x290 + irqrouter_resume+0x54/0x60 + syscore_resume+0x6a/0x200 + kernel_kexec+0x145/0x1c0 + __do_sys_reboot+0xeb/0x240 + do_syscall_64+0x95/0x180 + +This is a long standing problem, which probably got more visible with +the recent printk changes. Something does a task wakeup and the +scheduler sets the NEED_RESCHED flag. cond_resched() sees it set and +invokes schedule() from a completely bogus context. The scheduler +enables interrupts after context switching, which causes the above +warning at the end. + +Quite some of the code paths in syscore_suspend()/resume() can result in +triggering a wakeup with the exactly same consequences. They might not +have done so yet, but as they share a lot of code with normal operations +it's just a question of time. + +The problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling +models. Full preemption is not affected as cond_resched() is disabled and +the preemption check preemptible() takes the interrupt disabled flag into +account. + +Cure the problem by adding a corresponding check into cond_resched(). + +Reported-by: David Woodhouse +Suggested-by: Peter Zijlstra +Signed-off-by: Thomas Gleixner +Signed-off-by: Ingo Molnar +Tested-by: David Woodhouse +Cc: Linus Torvalds +Cc: stable@vger.kernel.org +Closes: https://lore.kernel.org/all/7717fe2ac0ce5f0a2c43fdab8b11f4483d54a2a4.camel@infradead.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/sched/core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -5714,7 +5714,7 @@ SYSCALL_DEFINE0(sched_yield) + #ifndef CONFIG_PREEMPTION + int __sched _cond_resched(void) + { +- if (should_resched(0)) { ++ if (should_resched(0) && !irqs_disabled()) { + preempt_schedule_common(); + return 1; + } diff --git a/queue-5.4/series b/queue-5.4/series index 01e8c37770..e330018333 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -253,3 +253,9 @@ asoc-es8328-fix-route-from-dac-to-output.patch ipvs-always-clear-ipvs_property-flag-in-skb_scrub_pa.patch net-mvpp2-cls-fixed-non-ip-flow-with-vlan-tag-flow-d.patch x86-cpu-fix-warm-boot-hang-regression-on-amd-sc1100-.patch +ftrace-avoid-potential-division-by-zero-in-function_stat_show.patch +perf-core-fix-low-freq-setting-via-ioc_period.patch +usbnet-gl620a-fix-endpoint-checking-in-genelink_bind.patch +phy-tegra-xusb-reset-vbus-id-override.patch +phy-exynos5-usbdrd-fix-mpll_multiplier-and-ssc_refclksel-masks-in-refclk.patch +sched-core-prevent-rescheduling-when-interrupts-are-disabled.patch diff --git a/queue-5.4/usbnet-gl620a-fix-endpoint-checking-in-genelink_bind.patch b/queue-5.4/usbnet-gl620a-fix-endpoint-checking-in-genelink_bind.patch new file mode 100644 index 0000000000..cc3da86cad --- /dev/null +++ b/queue-5.4/usbnet-gl620a-fix-endpoint-checking-in-genelink_bind.patch @@ -0,0 +1,93 @@ +From 1cf9631d836b289bd5490776551961c883ae8a4f Mon Sep 17 00:00:00 2001 +From: Nikita Zhandarovich +Date: Mon, 24 Feb 2025 20:29:17 +0300 +Subject: usbnet: gl620a: fix endpoint checking in genelink_bind() + +From: Nikita Zhandarovich + +commit 1cf9631d836b289bd5490776551961c883ae8a4f upstream. + +Syzbot reports [1] a warning in usb_submit_urb() triggered by +inconsistencies between expected and actually present endpoints +in gl620a driver. Since genelink_bind() does not properly +verify whether specified eps are in fact provided by the device, +in this case, an artificially manufactured one, one may get a +mismatch. + +Fix the issue by resorting to a usbnet utility function +usbnet_get_endpoints(), usually reserved for this very problem. +Check for endpoints and return early before proceeding further if +any are missing. + +[1] Syzbot report: +usb 5-1: Manufacturer: syz +usb 5-1: SerialNumber: syz +usb 5-1: config 0 descriptor?? +gl620a 5-1:0.23 usb0: register 'gl620a' at usb-dummy_hcd.0-1, ... +------------[ cut here ]------------ +usb 5-1: BOGUS urb xfer, pipe 3 != type 1 +WARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503 +Modules linked in: +CPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0 +Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 +Workqueue: mld mld_ifc_work +RIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503 +... +Call Trace: + + usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467 + __netdev_start_xmit include/linux/netdevice.h:5002 [inline] + netdev_start_xmit include/linux/netdevice.h:5011 [inline] + xmit_one net/core/dev.c:3590 [inline] + dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606 + sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343 + __dev_xmit_skb net/core/dev.c:3827 [inline] + __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400 + dev_queue_xmit include/linux/netdevice.h:3168 [inline] + neigh_resolve_output net/core/neighbour.c:1514 [inline] + neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494 + neigh_output include/net/neighbour.h:539 [inline] + ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141 + __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] + ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226 + NF_HOOK_COND include/linux/netfilter.h:303 [inline] + ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247 + dst_output include/net/dst.h:450 [inline] + NF_HOOK include/linux/netfilter.h:314 [inline] + NF_HOOK include/linux/netfilter.h:308 [inline] + mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819 + mld_send_cr net/ipv6/mcast.c:2120 [inline] + mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651 + process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229 + process_scheduled_works kernel/workqueue.c:3310 [inline] + worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391 + kthread+0x2c1/0x3a0 kernel/kthread.c:389 + ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 + ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 + + +Reported-by: syzbot+d693c07c6f647e0388d3@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=d693c07c6f647e0388d3 +Fixes: 47ee3051c856 ("[PATCH] USB: usbnet (5/9) module for genesys gl620a cables") +Cc: stable@vger.kernel.org +Signed-off-by: Nikita Zhandarovich +Link: https://patch.msgid.link/20250224172919.1220522-1-n.zhandarovich@fintech.ru +Signed-off-by: Paolo Abeni +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/usb/gl620a.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/drivers/net/usb/gl620a.c ++++ b/drivers/net/usb/gl620a.c +@@ -179,9 +179,7 @@ static int genelink_bind(struct usbnet * + { + dev->hard_mtu = GL_RCV_BUF_SIZE; + dev->net->hard_header_len += 4; +- dev->in = usb_rcvbulkpipe(dev->udev, dev->driver_info->in); +- dev->out = usb_sndbulkpipe(dev->udev, dev->driver_info->out); +- return 0; ++ return usbnet_get_endpoints(dev, intf); + } + + static const struct driver_info genelink_info = {