From: Sasha Levin Date: Mon, 3 Feb 2025 16:25:47 +0000 (-0500) Subject: Fixes for 6.13 X-Git-Tag: v6.6.76~58 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b20e3c0c93ebf2b2b24035d0c0d7a02ec54cc127;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 6.13 Signed-off-by: Sasha Levin --- diff --git a/queue-6.13/asoc-amd-acp-fix-possible-deadlock.patch b/queue-6.13/asoc-amd-acp-fix-possible-deadlock.patch new file mode 100644 index 0000000000..1cf91d9fde --- /dev/null +++ b/queue-6.13/asoc-amd-acp-fix-possible-deadlock.patch @@ -0,0 +1,43 @@ +From f7fea8add4a1e09a871b15c5110f5bab4dcb9487 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 27 Jan 2025 10:34:22 +0200 +Subject: ASoC: amd: acp: Fix possible deadlock + +From: Daniel Baluta + +[ Upstream commit 3ff53862c322aa7bb115d84348d5a641dc905d87 ] + +On error path, function acp_i2s_set_tdm_slot returns without releasing +the lock and this could result in potential deadlocks in the future. + +Error reported by sparse: +sound/soc/amd/acp/acp-i2s.c:95:12: error: context imbalance in +'acp_i2s_set_tdm_slot' - different lock contexts for basic block + +Fixes: cd60dec8994c ("ASoC: amd: acp: Refactor TDM slots selction based on acp revision id") +Signed-off-by: Daniel Baluta +Reviewed-by: Ranjani Sridharan +Reviewed-by: Pierre-Louis Bossart +Reviewed-by: Bard Liao +Link: https://patch.msgid.link/20250127083422.20406-1-daniel.baluta@nxp.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/amd/acp/acp-i2s.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/soc/amd/acp/acp-i2s.c b/sound/soc/amd/acp/acp-i2s.c +index 1f59ee248771c..89e99ed4275a2 100644 +--- a/sound/soc/amd/acp/acp-i2s.c ++++ b/sound/soc/amd/acp/acp-i2s.c +@@ -181,6 +181,7 @@ static int acp_i2s_set_tdm_slot(struct snd_soc_dai *dai, u32 tx_mask, u32 rx_mas + break; + default: + dev_err(dev, "Unknown chip revision %d\n", chip->acp_rev); ++ spin_unlock_irq(&adata->acp_lock); + return -EINVAL; + } + } +-- +2.39.5 + diff --git a/queue-6.13/asoc-rockchip-i2s_tdm-re-add-the-set_sysclk-callback.patch b/queue-6.13/asoc-rockchip-i2s_tdm-re-add-the-set_sysclk-callback.patch new file mode 100644 index 0000000000..6b0ef06e2c --- /dev/null +++ b/queue-6.13/asoc-rockchip-i2s_tdm-re-add-the-set_sysclk-callback.patch @@ -0,0 +1,121 @@ +From d2afffb73296a803a9ff109faf1e339cddbca5d4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 17 Jan 2025 11:31:02 -0500 +Subject: ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback + +From: Detlev Casanova + +[ Upstream commit 5323186e2e8d33c073fad51e24f18e2d6dbae2da ] + +In commit +9e2ab4b18ebd ("ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates"), +the set_sysclk callback was removed as considered unused as the mclk rate +can be set in the hw_params callback. +The difference between hw_params and set_sysclk is that the former is +called with the audio sampling rate set in the params (e.g.: 48000 Hz) +while the latter is called with a clock rate already computed with + sampling_rate * mclk-fs (e.g.: 48000 * 256) + +For HDMI audio using the Rockchip I2S TDM driver, the mclk-fs value must +be set to 128 instead of the default 256, and that value is set in the +device tree at the machine driver level (like a simple-audio-card +compatible node). +Therefore, the i2s_tdm driver has no idea that another mclk-fs value can +be configured and simply computes the mclk rate in the hw_params callback +with DEFAULT_MCLK_FS * params_rate(params), which is wrong for HDMI +audio. + +Re-add the set_sysclk callback so that the mclk rate is computed by the +machine driver which has the correct mclk-fs value set in its device tree +node. + +Fixes: 9e2ab4b18ebd ("ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates") +Signed-off-by: Detlev Casanova +Link: https://patch.msgid.link/20250117163102.65807-1-detlev.casanova@collabora.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++++++++++++++++++++++++-- + 1 file changed, 29 insertions(+), 2 deletions(-) + +diff --git a/sound/soc/rockchip/rockchip_i2s_tdm.c b/sound/soc/rockchip/rockchip_i2s_tdm.c +index d1f28699652fe..acd75e48851fc 100644 +--- a/sound/soc/rockchip/rockchip_i2s_tdm.c ++++ b/sound/soc/rockchip/rockchip_i2s_tdm.c +@@ -22,7 +22,6 @@ + + #define DRV_NAME "rockchip-i2s-tdm" + +-#define DEFAULT_MCLK_FS 256 + #define CH_GRP_MAX 4 /* The max channel 8 / 2 */ + #define MULTIPLEX_CH_MAX 10 + +@@ -70,6 +69,8 @@ struct rk_i2s_tdm_dev { + bool has_playback; + bool has_capture; + struct snd_soc_dai_driver *dai; ++ unsigned int mclk_rx_freq; ++ unsigned int mclk_tx_freq; + }; + + static int to_ch_num(unsigned int val) +@@ -645,6 +646,27 @@ static int rockchip_i2s_trcm_mode(struct snd_pcm_substream *substream, + return 0; + } + ++static int rockchip_i2s_tdm_set_sysclk(struct snd_soc_dai *cpu_dai, int stream, ++ unsigned int freq, int dir) ++{ ++ struct rk_i2s_tdm_dev *i2s_tdm = to_info(cpu_dai); ++ ++ if (i2s_tdm->clk_trcm) { ++ i2s_tdm->mclk_tx_freq = freq; ++ i2s_tdm->mclk_rx_freq = freq; ++ } else { ++ if (stream == SNDRV_PCM_STREAM_PLAYBACK) ++ i2s_tdm->mclk_tx_freq = freq; ++ else ++ i2s_tdm->mclk_rx_freq = freq; ++ } ++ ++ dev_dbg(i2s_tdm->dev, "The target mclk_%s freq is: %d\n", ++ stream ? "rx" : "tx", freq); ++ ++ return 0; ++} ++ + static int rockchip_i2s_tdm_hw_params(struct snd_pcm_substream *substream, + struct snd_pcm_hw_params *params, + struct snd_soc_dai *dai) +@@ -659,15 +681,19 @@ static int rockchip_i2s_tdm_hw_params(struct snd_pcm_substream *substream, + + if (i2s_tdm->clk_trcm == TRCM_TX) { + mclk = i2s_tdm->mclk_tx; ++ mclk_rate = i2s_tdm->mclk_tx_freq; + } else if (i2s_tdm->clk_trcm == TRCM_RX) { + mclk = i2s_tdm->mclk_rx; ++ mclk_rate = i2s_tdm->mclk_rx_freq; + } else if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) { + mclk = i2s_tdm->mclk_tx; ++ mclk_rate = i2s_tdm->mclk_tx_freq; + } else { + mclk = i2s_tdm->mclk_rx; ++ mclk_rate = i2s_tdm->mclk_rx_freq; + } + +- err = clk_set_rate(mclk, DEFAULT_MCLK_FS * params_rate(params)); ++ err = clk_set_rate(mclk, mclk_rate); + if (err) + return err; + +@@ -827,6 +853,7 @@ static const struct snd_soc_dai_ops rockchip_i2s_tdm_dai_ops = { + .hw_params = rockchip_i2s_tdm_hw_params, + .set_bclk_ratio = rockchip_i2s_tdm_set_bclk_ratio, + .set_fmt = rockchip_i2s_tdm_set_fmt, ++ .set_sysclk = rockchip_i2s_tdm_set_sysclk, + .set_tdm_slot = rockchip_dai_tdm_slot, + .trigger = rockchip_i2s_tdm_trigger, + }; +-- +2.39.5 + diff --git a/queue-6.13/cifs-fix-getting-and-setting-sacls-over-smb1.patch b/queue-6.13/cifs-fix-getting-and-setting-sacls-over-smb1.patch new file mode 100644 index 0000000000..633b1c3c5d --- /dev/null +++ b/queue-6.13/cifs-fix-getting-and-setting-sacls-over-smb1.patch @@ -0,0 +1,154 @@ +From 9155f71a928f86d86ece07cc8aaca69983d68c46 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 14 Oct 2024 13:43:23 +0200 +Subject: cifs: Fix getting and setting SACLs over SMB1 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Pali Rohár + +[ Upstream commit 8b19dfb34d17e77a0809d433cc128b779282131b ] + +SMB1 callback get_cifs_acl_by_fid() currently ignores its last argument and +therefore ignores request for SACL_SECINFO. Fix this issue by correctly +propagating info argument from get_cifs_acl() and get_cifs_acl_by_fid() to +CIFSSMBGetCIFSACL() function and pass SACL_SECINFO when requested. + +For accessing SACLs it is needed to open object with SYSTEM_SECURITY +access. Pass this flag when trying to get or set SACLs. + +Same logic is in the SMB2+ code path. + +This change fixes getting and setting of "system.cifs_ntsd_full" and +"system.smb3_ntsd_full" xattrs over SMB1 as currently it silentely ignored +SACL part of passed xattr buffer. + +Fixes: 3970acf7ddb9 ("SMB3: Add support for getting and setting SACLs") +Signed-off-by: Pali Rohár +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/smb/client/cifsacl.c | 25 +++++++++++++++---------- + fs/smb/client/cifsproto.h | 2 +- + fs/smb/client/cifssmb.c | 4 ++-- + 3 files changed, 18 insertions(+), 13 deletions(-) + +diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c +index ba79aa2107cc9..699a3f76d0834 100644 +--- a/fs/smb/client/cifsacl.c ++++ b/fs/smb/client/cifsacl.c +@@ -1395,7 +1395,7 @@ static int build_sec_desc(struct smb_ntsd *pntsd, struct smb_ntsd *pnntsd, + #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY + struct smb_ntsd *get_cifs_acl_by_fid(struct cifs_sb_info *cifs_sb, + const struct cifs_fid *cifsfid, u32 *pacllen, +- u32 __maybe_unused unused) ++ u32 info) + { + struct smb_ntsd *pntsd = NULL; + unsigned int xid; +@@ -1407,7 +1407,7 @@ struct smb_ntsd *get_cifs_acl_by_fid(struct cifs_sb_info *cifs_sb, + + xid = get_xid(); + rc = CIFSSMBGetCIFSACL(xid, tlink_tcon(tlink), cifsfid->netfid, &pntsd, +- pacllen); ++ pacllen, info); + free_xid(xid); + + cifs_put_tlink(tlink); +@@ -1419,7 +1419,7 @@ struct smb_ntsd *get_cifs_acl_by_fid(struct cifs_sb_info *cifs_sb, + } + + static struct smb_ntsd *get_cifs_acl_by_path(struct cifs_sb_info *cifs_sb, +- const char *path, u32 *pacllen) ++ const char *path, u32 *pacllen, u32 info) + { + struct smb_ntsd *pntsd = NULL; + int oplock = 0; +@@ -1446,9 +1446,12 @@ static struct smb_ntsd *get_cifs_acl_by_path(struct cifs_sb_info *cifs_sb, + .fid = &fid, + }; + ++ if (info & SACL_SECINFO) ++ oparms.desired_access |= SYSTEM_SECURITY; ++ + rc = CIFS_open(xid, &oparms, &oplock, NULL); + if (!rc) { +- rc = CIFSSMBGetCIFSACL(xid, tcon, fid.netfid, &pntsd, pacllen); ++ rc = CIFSSMBGetCIFSACL(xid, tcon, fid.netfid, &pntsd, pacllen, info); + CIFSSMBClose(xid, tcon, fid.netfid); + } + +@@ -1472,7 +1475,7 @@ struct smb_ntsd *get_cifs_acl(struct cifs_sb_info *cifs_sb, + if (inode) + open_file = find_readable_file(CIFS_I(inode), true); + if (!open_file) +- return get_cifs_acl_by_path(cifs_sb, path, pacllen); ++ return get_cifs_acl_by_path(cifs_sb, path, pacllen, info); + + pntsd = get_cifs_acl_by_fid(cifs_sb, &open_file->fid, pacllen, info); + cifsFileInfo_put(open_file); +@@ -1485,7 +1488,7 @@ int set_cifs_acl(struct smb_ntsd *pnntsd, __u32 acllen, + { + int oplock = 0; + unsigned int xid; +- int rc, access_flags; ++ int rc, access_flags = 0; + struct cifs_tcon *tcon; + struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); + struct tcon_link *tlink = cifs_sb_tlink(cifs_sb); +@@ -1498,10 +1501,12 @@ int set_cifs_acl(struct smb_ntsd *pnntsd, __u32 acllen, + tcon = tlink_tcon(tlink); + xid = get_xid(); + +- if (aclflag == CIFS_ACL_OWNER || aclflag == CIFS_ACL_GROUP) +- access_flags = WRITE_OWNER; +- else +- access_flags = WRITE_DAC; ++ if (aclflag & CIFS_ACL_OWNER || aclflag & CIFS_ACL_GROUP) ++ access_flags |= WRITE_OWNER; ++ if (aclflag & CIFS_ACL_SACL) ++ access_flags |= SYSTEM_SECURITY; ++ if (aclflag & CIFS_ACL_DACL) ++ access_flags |= WRITE_DAC; + + oparms = (struct cifs_open_parms) { + .tcon = tcon, +diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h +index d26f9bbb53829..2d3b7b68f7360 100644 +--- a/fs/smb/client/cifsproto.h ++++ b/fs/smb/client/cifsproto.h +@@ -560,7 +560,7 @@ extern int CIFSSMBSetEA(const unsigned int xid, struct cifs_tcon *tcon, + const struct nls_table *nls_codepage, + struct cifs_sb_info *cifs_sb); + extern int CIFSSMBGetCIFSACL(const unsigned int xid, struct cifs_tcon *tcon, +- __u16 fid, struct smb_ntsd **acl_inf, __u32 *buflen); ++ __u16 fid, struct smb_ntsd **acl_inf, __u32 *buflen, __u32 info); + extern int CIFSSMBSetCIFSACL(const unsigned int, struct cifs_tcon *, __u16, + struct smb_ntsd *pntsd, __u32 len, int aclflag); + extern int cifs_do_get_acl(const unsigned int xid, struct cifs_tcon *tcon, +diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c +index ab0b949924d77..a993d4ac58411 100644 +--- a/fs/smb/client/cifssmb.c ++++ b/fs/smb/client/cifssmb.c +@@ -3375,7 +3375,7 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata, + /* Get Security Descriptor (by handle) from remote server for a file or dir */ + int + CIFSSMBGetCIFSACL(const unsigned int xid, struct cifs_tcon *tcon, __u16 fid, +- struct smb_ntsd **acl_inf, __u32 *pbuflen) ++ struct smb_ntsd **acl_inf, __u32 *pbuflen, __u32 info) + { + int rc = 0; + int buf_type = 0; +@@ -3398,7 +3398,7 @@ CIFSSMBGetCIFSACL(const unsigned int xid, struct cifs_tcon *tcon, __u16 fid, + pSMB->MaxSetupCount = 0; + pSMB->Fid = fid; /* file handle always le */ + pSMB->AclFlags = cpu_to_le32(CIFS_ACL_OWNER | CIFS_ACL_GROUP | +- CIFS_ACL_DACL); ++ CIFS_ACL_DACL | info); + pSMB->ByteCount = cpu_to_le16(11); /* 3 bytes pad + 8 bytes parm */ + inc_rfc1001_len(pSMB, 11); + iov[0].iov_base = (char *)pSMB; +-- +2.39.5 + diff --git a/queue-6.13/cifs-validate-eas-for-wsl-reparse-points.patch b/queue-6.13/cifs-validate-eas-for-wsl-reparse-points.patch new file mode 100644 index 0000000000..481ade51fc --- /dev/null +++ b/queue-6.13/cifs-validate-eas-for-wsl-reparse-points.patch @@ -0,0 +1,86 @@ +From a6daceb9d28f0e2110d63c47c7fee7b2fe3119a5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 Dec 2024 15:20:39 +0100 +Subject: cifs: Validate EAs for WSL reparse points +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Pali Rohár + +[ Upstream commit ef201e8759d20bf82b5943101147072de12bc524 ] + +Major and minor numbers for char and block devices are mandatory for stat. +So check that the WSL EA $LXDEV is present for WSL CHR and BLK reparse +points. + +WSL reparse point tag determinate type of the file. But file type is +present also in the WSL EA $LXMOD. So check that both file types are same. + +Fixes: 78e26bec4d6d ("smb: client: parse uid, gid, mode and dev from WSL reparse points") +Signed-off-by: Pali Rohár +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/smb/client/reparse.c | 22 ++++++++++++++++++---- + 1 file changed, 18 insertions(+), 4 deletions(-) + +diff --git a/fs/smb/client/reparse.c b/fs/smb/client/reparse.c +index d88b41133e00c..b387dfbaf16b0 100644 +--- a/fs/smb/client/reparse.c ++++ b/fs/smb/client/reparse.c +@@ -747,11 +747,12 @@ int smb2_parse_reparse_point(struct cifs_sb_info *cifs_sb, + return parse_reparse_point(buf, plen, cifs_sb, full_path, true, data); + } + +-static void wsl_to_fattr(struct cifs_open_info_data *data, ++static bool wsl_to_fattr(struct cifs_open_info_data *data, + struct cifs_sb_info *cifs_sb, + u32 tag, struct cifs_fattr *fattr) + { + struct smb2_file_full_ea_info *ea; ++ bool have_xattr_dev = false; + u32 next = 0; + + switch (tag) { +@@ -794,13 +795,24 @@ static void wsl_to_fattr(struct cifs_open_info_data *data, + fattr->cf_uid = wsl_make_kuid(cifs_sb, v); + else if (!strncmp(name, SMB2_WSL_XATTR_GID, nlen)) + fattr->cf_gid = wsl_make_kgid(cifs_sb, v); +- else if (!strncmp(name, SMB2_WSL_XATTR_MODE, nlen)) ++ else if (!strncmp(name, SMB2_WSL_XATTR_MODE, nlen)) { ++ /* File type in reparse point tag and in xattr mode must match. */ ++ if (S_DT(fattr->cf_mode) != S_DT(le32_to_cpu(*(__le32 *)v))) ++ return false; + fattr->cf_mode = (umode_t)le32_to_cpu(*(__le32 *)v); +- else if (!strncmp(name, SMB2_WSL_XATTR_DEV, nlen)) ++ } else if (!strncmp(name, SMB2_WSL_XATTR_DEV, nlen)) { + fattr->cf_rdev = reparse_mkdev(v); ++ have_xattr_dev = true; ++ } + } while (next); + out: ++ ++ /* Major and minor numbers for char and block devices are mandatory. */ ++ if (!have_xattr_dev && (tag == IO_REPARSE_TAG_LX_CHR || tag == IO_REPARSE_TAG_LX_BLK)) ++ return false; ++ + fattr->cf_dtype = S_DT(fattr->cf_mode); ++ return true; + } + + static bool posix_reparse_to_fattr(struct cifs_sb_info *cifs_sb, +@@ -874,7 +886,9 @@ bool cifs_reparse_point_to_fattr(struct cifs_sb_info *cifs_sb, + case IO_REPARSE_TAG_AF_UNIX: + case IO_REPARSE_TAG_LX_CHR: + case IO_REPARSE_TAG_LX_BLK: +- wsl_to_fattr(data, cifs_sb, tag, fattr); ++ ok = wsl_to_fattr(data, cifs_sb, tag, fattr); ++ if (!ok) ++ return false; + break; + case IO_REPARSE_TAG_NFS: + ok = posix_reparse_to_fattr(cifs_sb, fattr, data); +-- +2.39.5 + diff --git a/queue-6.13/genksyms-fix-memory-leak-when-the-same-symbol-is-add.patch b/queue-6.13/genksyms-fix-memory-leak-when-the-same-symbol-is-add.patch new file mode 100644 index 0000000000..d538adabc8 --- /dev/null +++ b/queue-6.13/genksyms-fix-memory-leak-when-the-same-symbol-is-add.patch @@ -0,0 +1,149 @@ +From a1f273f59a60f5d6db672e1b6366d661fc020d22 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Jan 2025 16:30:38 +0900 +Subject: genksyms: fix memory leak when the same symbol is added from source + +From: Masahiro Yamada + +[ Upstream commit 45c9c4101d3d2fdfa00852274bbebba65fcc3cf2 ] + +When a symbol that is already registered is added again, __add_symbol() +returns without freeing the symbol definition, making it unreachable. + +The following test cases demonstrate different memory leak points. + +[Test Case 1] + +Forward declaration with exactly the same definition + + $ cat foo.c + #include + void foo(void); + void foo(void) {} + EXPORT_SYMBOL(foo); + +[Test Case 2] + +Forward declaration with a different definition (e.g. attribute) + + $ cat foo.c + #include + void foo(void); + __attribute__((__section__(".ref.text"))) void foo(void) {} + EXPORT_SYMBOL(foo); + +[Test Case 3] + +Preserving an overridden symbol (compile with KBUILD_PRESERVE=1) + + $ cat foo.c + #include + void foo(void); + void foo(void) { } + EXPORT_SYMBOL(foo); + + $ cat foo.symref + override foo void foo ( int ) + +The memory leaks in Test Case 1 and 2 have existed since the introduction +of genksyms into the kernel tree. [1] + +The memory leak in Test Case 3 was introduced by commit 5dae9a550a74 +("genksyms: allow to ignore symbol checksum changes"). + +When multiple init_declarators are reduced to an init_declarator_list, +the decl_spec must be duplicated. Otherwise, the following Test Case 4 +would result in a double-free bug. + +[Test Case 4] + + $ cat foo.c + #include + + extern int foo, bar; + + int foo, bar; + EXPORT_SYMBOL(foo); + +In this case, 'foo' and 'bar' share the same decl_spec, 'int'. It must +be unshared before being passed to add_symbol(). + +[1]: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=46bd1da672d66ccd8a639d3c1f8a166048cca608 + +Fixes: 5dae9a550a74 ("genksyms: allow to ignore symbol checksum changes") +Signed-off-by: Masahiro Yamada +Signed-off-by: Sasha Levin +--- + scripts/genksyms/genksyms.c | 3 +++ + scripts/genksyms/parse.y | 14 ++++++++++++-- + 2 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/scripts/genksyms/genksyms.c b/scripts/genksyms/genksyms.c +index 07f9b8cfb2337..8ca46f807b57a 100644 +--- a/scripts/genksyms/genksyms.c ++++ b/scripts/genksyms/genksyms.c +@@ -239,6 +239,7 @@ static struct symbol *__add_symbol(const char *name, enum symbol_type type, + "unchanged\n"); + } + sym->is_declared = 1; ++ free_list(defn, NULL); + return sym; + } else if (!sym->is_declared) { + if (sym->is_override && flag_preserve) { +@@ -247,6 +248,7 @@ static struct symbol *__add_symbol(const char *name, enum symbol_type type, + print_type_name(type, name); + fprintf(stderr, " modversion change\n"); + sym->is_declared = 1; ++ free_list(defn, NULL); + return sym; + } else { + status = is_unknown_symbol(sym) ? +@@ -254,6 +256,7 @@ static struct symbol *__add_symbol(const char *name, enum symbol_type type, + } + } else { + error_with_pos("redefinition of %s", name); ++ free_list(defn, NULL); + return sym; + } + break; +diff --git a/scripts/genksyms/parse.y b/scripts/genksyms/parse.y +index 8e9b5e69e8f01..840371d01bf48 100644 +--- a/scripts/genksyms/parse.y ++++ b/scripts/genksyms/parse.y +@@ -152,14 +152,19 @@ simple_declaration: + ; + + init_declarator_list_opt: +- /* empty */ { $$ = NULL; } +- | init_declarator_list ++ /* empty */ { $$ = NULL; } ++ | init_declarator_list { free_list(decl_spec, NULL); $$ = $1; } + ; + + init_declarator_list: + init_declarator + { struct string_list *decl = *$1; + *$1 = NULL; ++ ++ /* avoid sharing among multiple init_declarators */ ++ if (decl_spec) ++ decl_spec = copy_list_range(decl_spec, NULL); ++ + add_symbol(current_name, + is_typedef ? SYM_TYPEDEF : SYM_NORMAL, decl, is_extern); + current_name = NULL; +@@ -170,6 +175,11 @@ init_declarator_list: + *$3 = NULL; + free_list(*$2, NULL); + *$2 = decl_spec; ++ ++ /* avoid sharing among multiple init_declarators */ ++ if (decl_spec) ++ decl_spec = copy_list_range(decl_spec, NULL); ++ + add_symbol(current_name, + is_typedef ? SYM_TYPEDEF : SYM_NORMAL, decl, is_extern); + current_name = NULL; +-- +2.39.5 + diff --git a/queue-6.13/genksyms-fix-memory-leak-when-the-same-symbol-is-rea.patch b/queue-6.13/genksyms-fix-memory-leak-when-the-same-symbol-is-rea.patch new file mode 100644 index 0000000000..07d62a950d --- /dev/null +++ b/queue-6.13/genksyms-fix-memory-leak-when-the-same-symbol-is-rea.patch @@ -0,0 +1,108 @@ +From 132816f3566d589d8385c6633e3f1ad282d2c0c6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Jan 2025 16:30:39 +0900 +Subject: genksyms: fix memory leak when the same symbol is read from *.symref + file + +From: Masahiro Yamada + +[ Upstream commit be2fa44b5180a1f021efb40c55fdf63c249c3209 ] + +When a symbol that is already registered is read again from *.symref +file, __add_symbol() removes the previous one from the hash table without +freeing it. + +[Test Case] + + $ cat foo.c + #include + void foo(void); + void foo(void) {} + EXPORT_SYMBOL(foo); + + $ cat foo.symref + foo void foo ( void ) + foo void foo ( void ) + +When a symbol is removed from the hash table, it must be freed along +with its ->name and ->defn members. However, sym->name cannot be freed +because it is sometimes shared with node->string, but not always. If +sym->name and node->string share the same memory, free(sym->name) could +lead to a double-free bug. + +To resolve this issue, always assign a strdup'ed string to sym->name. + +Fixes: 64e6c1e12372 ("genksyms: track symbol checksum changes") +Signed-off-by: Masahiro Yamada +Signed-off-by: Sasha Levin +--- + scripts/genksyms/genksyms.c | 8 ++++++-- + scripts/genksyms/genksyms.h | 2 +- + scripts/genksyms/parse.y | 4 ++-- + 3 files changed, 9 insertions(+), 5 deletions(-) + +diff --git a/scripts/genksyms/genksyms.c b/scripts/genksyms/genksyms.c +index 8ca46f807b57a..c5e8e0e0f9490 100644 +--- a/scripts/genksyms/genksyms.c ++++ b/scripts/genksyms/genksyms.c +@@ -272,11 +272,15 @@ static struct symbol *__add_symbol(const char *name, enum symbol_type type, + break; + } + } ++ ++ free_list(sym->defn, NULL); ++ free(sym->name); ++ free(sym); + --nsyms; + } + + sym = xmalloc(sizeof(*sym)); +- sym->name = name; ++ sym->name = xstrdup(name); + sym->type = type; + sym->defn = defn; + sym->expansion_trail = NULL; +@@ -483,7 +487,7 @@ static void read_reference(FILE *f) + defn = def; + def = read_node(f); + } +- subsym = add_reference_symbol(xstrdup(sym->string), sym->tag, ++ subsym = add_reference_symbol(sym->string, sym->tag, + defn, is_extern); + subsym->is_override = is_override; + free_node(sym); +diff --git a/scripts/genksyms/genksyms.h b/scripts/genksyms/genksyms.h +index 21ed2ec2d98ca..5621533dcb8e4 100644 +--- a/scripts/genksyms/genksyms.h ++++ b/scripts/genksyms/genksyms.h +@@ -32,7 +32,7 @@ struct string_list { + + struct symbol { + struct symbol *hash_next; +- const char *name; ++ char *name; + enum symbol_type type; + struct string_list *defn; + struct symbol *expansion_trail; +diff --git a/scripts/genksyms/parse.y b/scripts/genksyms/parse.y +index 840371d01bf48..689cb6bb40b65 100644 +--- a/scripts/genksyms/parse.y ++++ b/scripts/genksyms/parse.y +@@ -482,12 +482,12 @@ enumerator_list: + enumerator: + IDENT + { +- const char *name = strdup((*$1)->string); ++ const char *name = (*$1)->string; + add_symbol(name, SYM_ENUM_CONST, NULL, 0); + } + | IDENT '=' EXPRESSION_PHRASE + { +- const char *name = strdup((*$1)->string); ++ const char *name = (*$1)->string; + struct string_list *expr = copy_list_range(*$3, *$2); + add_symbol(name, SYM_ENUM_CONST, expr, 0); + } +-- +2.39.5 + diff --git a/queue-6.13/hexagon-fix-unbalanced-spinlock-in-die.patch b/queue-6.13/hexagon-fix-unbalanced-spinlock-in-die.patch new file mode 100644 index 0000000000..452e0b360a --- /dev/null +++ b/queue-6.13/hexagon-fix-unbalanced-spinlock-in-die.patch @@ -0,0 +1,45 @@ +From 3b76c8fc9625010412b79d80bbe45a9f70e50467 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 May 2023 02:56:08 +0000 +Subject: hexagon: Fix unbalanced spinlock in die() + +From: Lin Yujun + +[ Upstream commit 03410e87563a122075c3721acc7d5510e41d8332 ] + +die executes holding the spinlock of &die.lock and unlock +it after printing the oops message. +However in the code if the notify_die() returns NOTIFY_STOP +, die() exit with returning 1 but never unlocked the spinlock. + +Fix this by adding spin_unlock_irq(&die.lock) before returning. + +Fixes: cf9750bae262 ("Hexagon: Provide basic debugging and system trap support.") +Signed-off-by: Lin Yujun +Link: https://lore.kernel.org/r/20230522025608.2515558-1-linyujun809@huawei.com +Signed-off-by: Brian Cain +Signed-off-by: Brian Cain +Signed-off-by: Sasha Levin +--- + arch/hexagon/kernel/traps.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/arch/hexagon/kernel/traps.c b/arch/hexagon/kernel/traps.c +index 75e062722d285..040a958de1dfc 100644 +--- a/arch/hexagon/kernel/traps.c ++++ b/arch/hexagon/kernel/traps.c +@@ -195,8 +195,10 @@ int die(const char *str, struct pt_regs *regs, long err) + printk(KERN_EMERG "Oops: %s[#%d]:\n", str, ++die.counter); + + if (notify_die(DIE_OOPS, str, regs, err, pt_cause(regs), SIGSEGV) == +- NOTIFY_STOP) ++ NOTIFY_STOP) { ++ spin_unlock_irq(&die.lock); + return 1; ++ } + + print_modules(); + show_regs(regs); +-- +2.39.5 + diff --git a/queue-6.13/hexagon-fix-using-plain-integer-as-null-pointer-warn.patch b/queue-6.13/hexagon-fix-using-plain-integer-as-null-pointer-warn.patch new file mode 100644 index 0000000000..0a50bc15a9 --- /dev/null +++ b/queue-6.13/hexagon-fix-using-plain-integer-as-null-pointer-warn.patch @@ -0,0 +1,61 @@ +From 5c81c8eb9b537c864c92b674e39ea5a51e4c5dd9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 3 Dec 2024 17:17:34 -0500 +Subject: hexagon: fix using plain integer as NULL pointer warning in cmpxchg + +From: Willem de Bruijn + +[ Upstream commit 8a20030038742b9915c6d811a4e6c14b126cafb4 ] + +Sparse reports + + net/ipv4/inet_diag.c:1511:17: sparse: sparse: Using plain integer as NULL pointer + +Due to this code calling cmpxchg on a non-integer type +struct inet_diag_handler * + + return !cmpxchg((const struct inet_diag_handler**)&inet_diag_table[type], + NULL, h) ? 0 : -EEXIST; + +While hexagon's cmpxchg assigns an integer value to a variable of this +type. + + __typeof__(*(ptr)) __oldval = 0; + +Update this assignment to cast 0 to the correct type. + +The original issue is easily reproduced at head with the below block, +and is absent after this change. + + make LLVM=1 ARCH=hexagon defconfig + make C=1 LLVM=1 ARCH=hexagon net/ipv4/inet_diag.o + +Fixes: 99a70aa051d2 ("Hexagon: Add processor and system headers") +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-kbuild-all/202411091538.PGSTqUBi-lkp@intel.com/ +Signed-off-by: Willem de Bruijn +Tested-by: Christian Gmeiner +Link: https://lore.kernel.org/r/20241203221736.282020-1-willemdebruijn.kernel@gmail.com +Signed-off-by: Brian Cain +Signed-off-by: Brian Cain +Signed-off-by: Sasha Levin +--- + arch/hexagon/include/asm/cmpxchg.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/hexagon/include/asm/cmpxchg.h b/arch/hexagon/include/asm/cmpxchg.h +index bf6cf5579cf45..9c58fb81f7fd6 100644 +--- a/arch/hexagon/include/asm/cmpxchg.h ++++ b/arch/hexagon/include/asm/cmpxchg.h +@@ -56,7 +56,7 @@ __arch_xchg(unsigned long x, volatile void *ptr, int size) + __typeof__(ptr) __ptr = (ptr); \ + __typeof__(*(ptr)) __old = (old); \ + __typeof__(*(ptr)) __new = (new); \ +- __typeof__(*(ptr)) __oldval = 0; \ ++ __typeof__(*(ptr)) __oldval = (__typeof__(*(ptr))) 0; \ + \ + asm volatile( \ + "1: %0 = memw_locked(%1);\n" \ +-- +2.39.5 + diff --git a/queue-6.13/hostfs-fix-string-handling-in-__dentry_name.patch b/queue-6.13/hostfs-fix-string-handling-in-__dentry_name.patch new file mode 100644 index 0000000000..4e7831465f --- /dev/null +++ b/queue-6.13/hostfs-fix-string-handling-in-__dentry_name.patch @@ -0,0 +1,66 @@ +From f249f2196db8f4295362416473c99905d24ab4fc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 11 Jan 2025 01:37:44 -0500 +Subject: hostfs: fix string handling in __dentry_name() + +From: Al Viro + +[ Upstream commit 60a6002432448bb3f291d80768ae98d62efc9c77 ] + +strcpy() should not be used with destination potentially overlapping +the source; what's more, strscpy() in there is pointless - we already +know the amount we want to copy; might as well use memcpy(). + +Fixes: c278e81b8a02 "hostfs: Remove open coded strcpy()" +Signed-off-by: Al Viro +Signed-off-by: Sasha Levin +--- + fs/hostfs/hostfs_kern.c | 27 ++++++--------------------- + 1 file changed, 6 insertions(+), 21 deletions(-) + +diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c +index 7e51d2cec64b4..bd6503b731426 100644 +--- a/fs/hostfs/hostfs_kern.c ++++ b/fs/hostfs/hostfs_kern.c +@@ -95,32 +95,17 @@ __uml_setup("hostfs=", hostfs_args, + static char *__dentry_name(struct dentry *dentry, char *name) + { + char *p = dentry_path_raw(dentry, name, PATH_MAX); +- char *root; +- size_t len; +- struct hostfs_fs_info *fsi; +- +- fsi = dentry->d_sb->s_fs_info; +- root = fsi->host_root_path; +- len = strlen(root); +- if (IS_ERR(p)) { +- __putname(name); +- return NULL; +- } +- +- /* +- * This function relies on the fact that dentry_path_raw() will place +- * the path name at the end of the provided buffer. +- */ +- BUG_ON(p + strlen(p) + 1 != name + PATH_MAX); ++ struct hostfs_fs_info *fsi = dentry->d_sb->s_fs_info; ++ char *root = fsi->host_root_path; ++ size_t len = strlen(root); + +- strscpy(name, root, PATH_MAX); +- if (len > p - name) { ++ if (IS_ERR(p) || len > p - name) { + __putname(name); + return NULL; + } + +- if (p > name + len) +- strcpy(name + len, p); ++ memcpy(name, root, len); ++ memmove(name + len, p, name + PATH_MAX - p); + + return name; + } +-- +2.39.5 + diff --git a/queue-6.13/io_uring-msg_ring-don-t-leave-potentially-dangling-t.patch b/queue-6.13/io_uring-msg_ring-don-t-leave-potentially-dangling-t.patch new file mode 100644 index 0000000000..0b2f55c3e2 --- /dev/null +++ b/queue-6.13/io_uring-msg_ring-don-t-leave-potentially-dangling-t.patch @@ -0,0 +1,47 @@ +From e72541e4993764d9b61f1055210d79a9647b88ce Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 22 Jan 2025 17:03:28 -0700 +Subject: io_uring/msg_ring: don't leave potentially dangling ->tctx pointer + +From: Jens Axboe + +[ Upstream commit 69a62e03f896a7382671877b6ad6aab87c53e9c3 ] + +For remote posting of messages, req->tctx is assigned even though it +is never used. Rather than leave a dangling pointer, just clear it to +NULL and use the previous check for a valid submitter_task to gate on +whether or not the request should be terminated. + +Reported-by: Jann Horn +Fixes: b6f58a3f4aa8 ("io_uring: move struct io_kiocb from task_struct to io_uring_task") +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + io_uring/msg_ring.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/io_uring/msg_ring.c b/io_uring/msg_ring.c +index 333c220d322a9..800cd48001e6e 100644 +--- a/io_uring/msg_ring.c ++++ b/io_uring/msg_ring.c +@@ -89,8 +89,7 @@ static void io_msg_tw_complete(struct io_kiocb *req, struct io_tw_state *ts) + static int io_msg_remote_post(struct io_ring_ctx *ctx, struct io_kiocb *req, + int res, u32 cflags, u64 user_data) + { +- req->tctx = READ_ONCE(ctx->submitter_task->io_uring); +- if (!req->tctx) { ++ if (!READ_ONCE(ctx->submitter_task)) { + kmem_cache_free(req_cachep, req); + return -EOWNERDEAD; + } +@@ -98,6 +97,7 @@ static int io_msg_remote_post(struct io_ring_ctx *ctx, struct io_kiocb *req, + io_req_set_res(req, res, cflags); + percpu_ref_get(&ctx->refs); + req->ctx = ctx; ++ req->tctx = NULL; + req->io_task_work.func = io_msg_tw_complete; + io_req_task_work_add_remote(req, ctx, IOU_F_TWQ_LAZY_WAKE); + return 0; +-- +2.39.5 + diff --git a/queue-6.13/io_uring-register-use-atomic_read-write-for-sq_flags.patch b/queue-6.13/io_uring-register-use-atomic_read-write-for-sq_flags.patch new file mode 100644 index 0000000000..f74b52a934 --- /dev/null +++ b/queue-6.13/io_uring-register-use-atomic_read-write-for-sq_flags.patch @@ -0,0 +1,44 @@ +From c804aa62be4cd0ae49ddc29bcb6a3e94b6d53c75 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 24 Jan 2025 14:32:25 -0700 +Subject: io_uring/register: use atomic_read/write for sq_flags migration + +From: Jens Axboe + +[ Upstream commit a23ad06bfee5e51cd9e51aebf11401e7b4b5d00a ] + +A previous commit changed all of the migration from the old to the new +ring for resizing to use READ/WRITE_ONCE. However, ->sq_flags is an +atomic_t, and while most archs won't complain on this, some will indeed +flag this: + +io_uring/register.c:554:9: sparse: sparse: cast to non-scalar +io_uring/register.c:554:9: sparse: sparse: cast from non-scalar + +Just use atomic_set/atomic_read for handling this case. + +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-kbuild-all/202501242000.A2sKqaCL-lkp@intel.com/ +Fixes: 2c5aae129f42 ("io_uring/register: document io_register_resize_rings() shared mem usage") +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + io_uring/register.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/io_uring/register.c b/io_uring/register.c +index 371aec87e078c..14ece7754e4ca 100644 +--- a/io_uring/register.c ++++ b/io_uring/register.c +@@ -553,7 +553,7 @@ static int io_register_resize_rings(struct io_ring_ctx *ctx, void __user *arg) + ctx->cqe_cached = ctx->cqe_sentinel = NULL; + + WRITE_ONCE(n.rings->sq_dropped, READ_ONCE(o.rings->sq_dropped)); +- WRITE_ONCE(n.rings->sq_flags, READ_ONCE(o.rings->sq_flags)); ++ atomic_set(&n.rings->sq_flags, atomic_read(&o.rings->sq_flags)); + WRITE_ONCE(n.rings->cq_flags, READ_ONCE(o.rings->cq_flags)); + WRITE_ONCE(n.rings->cq_overflow, READ_ONCE(o.rings->cq_overflow)); + +-- +2.39.5 + diff --git a/queue-6.13/io_uring-uring_cmd-use-cached-cmd_op-in-io_uring_cmd.patch b/queue-6.13/io_uring-uring_cmd-use-cached-cmd_op-in-io_uring_cmd.patch new file mode 100644 index 0000000000..0d4fd8a868 --- /dev/null +++ b/queue-6.13/io_uring-uring_cmd-use-cached-cmd_op-in-io_uring_cmd.patch @@ -0,0 +1,38 @@ +From 8d9cd2981d29696adf3e387b5e0f23620db70dbc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 22 Jan 2025 17:29:31 -0700 +Subject: io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock() + +From: Jens Axboe + +[ Upstream commit d58d82bd0efd6c8edd452fc2f6c6dd052ec57cb2 ] + +io_uring_cmd_sock() does a normal read of cmd->sqe->cmd_op, where it +really should be using a READ_ONCE() as ->sqe may still be pointing to +the original SQE. Since the prep side already does this READ_ONCE() and +stores it locally, use that value rather than re-read it. + +Fixes: 8e9fad0e70b7b ("io_uring: Add io_uring command support for sockets") +Link: https://lore.kernel.org/r/20250121-uring-sockcmd-fix-v1-1-add742802a29@google.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + io_uring/uring_cmd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c +index ce7726a048834..25cae9f5575be 100644 +--- a/io_uring/uring_cmd.c ++++ b/io_uring/uring_cmd.c +@@ -362,7 +362,7 @@ int io_uring_cmd_sock(struct io_uring_cmd *cmd, unsigned int issue_flags) + if (!prot || !prot->ioctl) + return -EOPNOTSUPP; + +- switch (cmd->sqe->cmd_op) { ++ switch (cmd->cmd_op) { + case SOCKET_URING_OP_SIOCINQ: + ret = prot->ioctl(sk, SIOCINQ, &arg); + if (ret) +-- +2.39.5 + diff --git a/queue-6.13/kbuild-fix-clang-lto-with-config_objtool-n.patch b/queue-6.13/kbuild-fix-clang-lto-with-config_objtool-n.patch new file mode 100644 index 0000000000..e4d5a0924a --- /dev/null +++ b/queue-6.13/kbuild-fix-clang-lto-with-config_objtool-n.patch @@ -0,0 +1,73 @@ +From fe7904010009ae489fad4c00929ff45db65e7094 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 31 Jan 2025 23:04:01 +0900 +Subject: kbuild: fix Clang LTO with CONFIG_OBJTOOL=n + +From: Masahiro Yamada + +[ Upstream commit 695ed93bb30e03e9f826ee70abdd83f970741a37 ] + +Since commit bede169618c6 ("kbuild: enable objtool for *.mod.o and +additional kernel objects"), Clang LTO builds do not perform any +optimizations when CONFIG_OBJTOOL is disabled (e.g., for ARCH=arm64). +This is because every LLVM bitcode file is immediately converted to +ELF format before the object files are linked together. + +This commit fixes the breakage. + +Fixes: bede169618c6 ("kbuild: enable objtool for *.mod.o and additional kernel objects") +Reported-by: Yonghong Song +Signed-off-by: Masahiro Yamada +Tested-by: Yonghong Song +Signed-off-by: Sasha Levin +--- + scripts/Makefile.build | 2 ++ + scripts/Makefile.lib | 10 ++++++---- + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/scripts/Makefile.build b/scripts/Makefile.build +index c16e4cf54d770..0b85bf27598a8 100644 +--- a/scripts/Makefile.build ++++ b/scripts/Makefile.build +@@ -183,7 +183,9 @@ endif # CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT + + is-standard-object = $(if $(filter-out y%, $(OBJECT_FILES_NON_STANDARD_$(target-stem).o)$(OBJECT_FILES_NON_STANDARD)n),$(is-kernel-object)) + ++ifdef CONFIG_OBJTOOL + $(obj)/%.o: private objtool-enabled = $(if $(is-standard-object),$(if $(delay-objtool),$(is-single-obj-m),y)) ++endif + + ifneq ($(findstring 1, $(KBUILD_EXTRA_WARN)),) + cmd_warn_shared_object = $(if $(word 2, $(modname-multi)),$(warning $(kbuild-file): $*.o is added to multiple modules: $(modname-multi))) +diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib +index 7395200538da8..2e280a02e9e65 100644 +--- a/scripts/Makefile.lib ++++ b/scripts/Makefile.lib +@@ -287,6 +287,8 @@ delay-objtool := $(or $(CONFIG_LTO_CLANG),$(CONFIG_X86_KERNEL_IBT)) + cmd_objtool = $(if $(objtool-enabled), ; $(objtool) $(objtool-args) $@) + cmd_gen_objtooldep = $(if $(objtool-enabled), { echo ; echo '$@: $$(wildcard $(objtool))' ; } >> $(dot-target).cmd) + ++objtool-enabled := y ++ + endif # CONFIG_OBJTOOL + + # Useful for describing the dependency of composite objects +@@ -302,11 +304,11 @@ endef + # =========================================================================== + # These are shared by some Makefile.* files. + +-objtool-enabled := y +- + ifdef CONFIG_LTO_CLANG +-# objtool cannot process LLVM IR. Make $(LD) covert LLVM IR to ELF here. +-cmd_ld_single = $(if $(objtool-enabled), ; $(LD) $(ld_flags) -r -o $(tmp-target) $@; mv $(tmp-target) $@) ++# Run $(LD) here to covert LLVM IR to ELF in the following cases: ++# - when this object needs objtool processing, as objtool cannot process LLVM IR ++# - when this is a single-object module, as modpost cannot process LLVM IR ++cmd_ld_single = $(if $(objtool-enabled)$(is-single-obj-m), ; $(LD) $(ld_flags) -r -o $(tmp-target) $@; mv $(tmp-target) $@) + endif + + quiet_cmd_cc_o_c = CC $(quiet_modtag) $@ +-- +2.39.5 + diff --git a/queue-6.13/kbuild-fix-signing-issue-for-external-modules.patch b/queue-6.13/kbuild-fix-signing-issue-for-external-modules.patch new file mode 100644 index 0000000000..634de60877 --- /dev/null +++ b/queue-6.13/kbuild-fix-signing-issue-for-external-modules.patch @@ -0,0 +1,46 @@ +From 364e901be751eff91c5476954ed05ceb8a7a6044 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Jan 2025 07:01:29 +0100 +Subject: kbuild: Fix signing issue for external modules + +From: Torsten Hilbrich + +[ Upstream commit 25ff08aa43e373a61c3e36fc7d7cae88ed0fc2d7 ] + +When running the sign script the kernel is within the source directory +of external modules. This caused issues when the kernel uses relative +paths, like: + +make[5]: Entering directory '/build/client/devel/kernel/work/linux-2.6' +make[6]: Entering directory '/build/client/devel/addmodules/vtx/work/vtx' + INSTALL /build/client/devel/addmodules/vtx/_/lib/modules/6.13.0-devel+/extra/vtx.ko + SIGN /build/client/devel/addmodules/vtx/_/lib/modules/6.13.0-devel+/extra/vtx.ko +/bin/sh: 1: scripts/sign-file: not found + DEPMOD /build/client/devel/addmodules/vtx/_/lib/modules/6.13.0-devel+ + +Working around it by using absolute pathes here. + +Fixes: 13b25489b6f8 ("kbuild: change working directory to external module directory with M=") +Signed-off-by: Torsten Hilbrich +Signed-off-by: Masahiro Yamada +Signed-off-by: Sasha Levin +--- + scripts/Makefile.modinst | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst +index f97c9926ed31b..1628198f3e830 100644 +--- a/scripts/Makefile.modinst ++++ b/scripts/Makefile.modinst +@@ -105,7 +105,7 @@ else + sig-key := $(CONFIG_MODULE_SIG_KEY) + endif + quiet_cmd_sign = SIGN $@ +- cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) "$(sig-key)" certs/signing_key.x509 $@ \ ++ cmd_sign = $(objtree)/scripts/sign-file $(CONFIG_MODULE_SIG_HASH) "$(sig-key)" $(objtree)/certs/signing_key.x509 $@ \ + $(if $(KBUILD_EXTMOD),|| true) + + ifeq ($(sign-only),) +-- +2.39.5 + diff --git a/queue-6.13/kconfig-fix-file-name-in-warnings-when-loading-kconf.patch b/queue-6.13/kconfig-fix-file-name-in-warnings-when-loading-kconf.patch new file mode 100644 index 0000000000..cb2e6494fe --- /dev/null +++ b/queue-6.13/kconfig-fix-file-name-in-warnings-when-loading-kconf.patch @@ -0,0 +1,74 @@ +From 497f5048b06b91ec72ee867e6a38c764166acb99 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 20 Jan 2025 16:59:14 +0900 +Subject: kconfig: fix file name in warnings when loading + KCONFIG_DEFCONFIG_LIST + +From: Masahiro Yamada + +[ Upstream commit a314f52a0210730d0d556de76bb7388e76d4597d ] + +Most 'make *config' commands use .config as the base configuration file. + +When .config does not exist, Kconfig tries to load a file listed in +KCONFIG_DEFCONFIG_LIST instead. + +However, since commit b75b0a819af9 ("kconfig: change defconfig_list +option to environment variable"), warning messages have displayed an +incorrect file name in such cases. + +Below is a demonstration using Debian Trixie. While loading +/boot/config-6.12.9-amd64, the warning messages incorrectly show .config +as the file name. + +With this commit, the correct file name is displayed in warnings. + +[Before] + + $ rm -f .config + $ make config + # + # using defaults found in /boot/config-6.12.9-amd64 + # + .config:6804:warning: symbol value 'm' invalid for FB_BACKLIGHT + .config:9895:warning: symbol value 'm' invalid for ANDROID_BINDER_IPC + +[After] + + $ rm -f .config + $ make config + # + # using defaults found in /boot/config-6.12.9-amd64 + # + /boot/config-6.12.9-amd64:6804:warning: symbol value 'm' invalid for FB_BACKLIGHT + /boot/config-6.12.9-amd64:9895:warning: symbol value 'm' invalid for ANDROID_BINDER_IPC + +Fixes: b75b0a819af9 ("kconfig: change defconfig_list option to environment variable") +Signed-off-by: Masahiro Yamada +Signed-off-by: Sasha Levin +--- + scripts/kconfig/confdata.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c +index 4286d5e7f95dc..3b55e7a4131d9 100644 +--- a/scripts/kconfig/confdata.c ++++ b/scripts/kconfig/confdata.c +@@ -360,10 +360,12 @@ int conf_read_simple(const char *name, int def) + + *p = '\0'; + +- in = zconf_fopen(env); ++ name = env; ++ ++ in = zconf_fopen(name); + if (in) { + conf_message("using defaults found in %s", +- env); ++ name); + goto load; + } + +-- +2.39.5 + diff --git a/queue-6.13/kconfig-fix-memory-leak-in-sym_warn_unmet_dep.patch b/queue-6.13/kconfig-fix-memory-leak-in-sym_warn_unmet_dep.patch new file mode 100644 index 0000000000..b1e304db53 --- /dev/null +++ b/queue-6.13/kconfig-fix-memory-leak-in-sym_warn_unmet_dep.patch @@ -0,0 +1,35 @@ +From d0427b14946d63e6c35b27efac6d0c861c2d2c15 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 20 Jan 2025 17:10:31 +0900 +Subject: kconfig: fix memory leak in sym_warn_unmet_dep() + +From: Masahiro Yamada + +[ Upstream commit a409fc1463d664002ea9bf700ae4674df03de111 ] + +The string allocated in sym_warn_unmet_dep() is never freed, leading +to a memory leak when an unmet dependency is detected. + +Fixes: f8f69dc0b4e0 ("kconfig: make unmet dependency warnings readable") +Signed-off-by: Masahiro Yamada +Reviewed-by: Petr Vorel +Signed-off-by: Sasha Levin +--- + scripts/kconfig/symbol.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c +index 89b84bf8e21fa..7beb59dec5a08 100644 +--- a/scripts/kconfig/symbol.c ++++ b/scripts/kconfig/symbol.c +@@ -388,6 +388,7 @@ static void sym_warn_unmet_dep(const struct symbol *sym) + " Selected by [m]:\n"); + + fputs(str_get(&gs), stderr); ++ str_free(&gs); + sym_warnings++; + } + +-- +2.39.5 + diff --git a/queue-6.13/kernel-be-more-careful-about-dup_mmap-failures-and-u.patch b/queue-6.13/kernel-be-more-careful-about-dup_mmap-failures-and-u.patch new file mode 100644 index 0000000000..e5621edbeb --- /dev/null +++ b/queue-6.13/kernel-be-more-careful-about-dup_mmap-failures-and-u.patch @@ -0,0 +1,114 @@ +From 01b8bf4ee1791893cbb18ce595de9cd9a5e744bd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 27 Jan 2025 12:02:21 -0500 +Subject: kernel: be more careful about dup_mmap() failures and uprobe + registering + +From: Liam R. Howlett + +[ Upstream commit 64c37e134b120fb462fb4a80694bfb8e7be77b14 ] + +If a memory allocation fails during dup_mmap(), the maple tree can be left +in an unsafe state for other iterators besides the exit path. All the +locks are dropped before the exit_mmap() call (in mm/mmap.c), but the +incomplete mm_struct can be reached through (at least) the rmap finding +the vmas which have a pointer back to the mm_struct. + +Up to this point, there have been no issues with being able to find an +mm_struct that was only partially initialised. Syzbot was able to make +the incomplete mm_struct fail with recent forking changes, so it has been +proven unsafe to use the mm_struct that hasn't been initialised, as +referenced in the link below. + +Although 8ac662f5da19f ("fork: avoid inappropriate uprobe access to +invalid mm") fixed the uprobe access, it does not completely remove the +race. + +This patch sets the MMF_OOM_SKIP to avoid the iteration of the vmas on the +oom side (even though this is extremely unlikely to be selected as an oom +victim in the race window), and sets MMF_UNSTABLE to avoid other potential +users from using a partially initialised mm_struct. + +When registering vmas for uprobe, skip the vmas in an mm that is marked +unstable. Modifying a vma in an unstable mm may cause issues if the mm +isn't fully initialised. + +Link: https://lore.kernel.org/all/6756d273.050a0220.2477f.003d.GAE@google.com/ +Link: https://lkml.kernel.org/r/20250127170221.1761366-1-Liam.Howlett@oracle.com +Fixes: d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") +Signed-off-by: Liam R. Howlett +Reviewed-by: Lorenzo Stoakes +Cc: Oleg Nesterov +Cc: Masami Hiramatsu +Cc: Jann Horn +Cc: Peter Zijlstra +Cc: Michal Hocko +Cc: Peng Zhang +Cc: Matthew Wilcox +Signed-off-by: Andrew Morton +Signed-off-by: Sasha Levin +--- + kernel/events/uprobes.c | 4 ++++ + kernel/fork.c | 17 ++++++++++++++--- + 2 files changed, 18 insertions(+), 3 deletions(-) + +diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c +index 5d71ef85420c5..7f1a95b4f14de 100644 +--- a/kernel/events/uprobes.c ++++ b/kernel/events/uprobes.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include /* check_stable_address_space */ + + #include + +@@ -1260,6 +1261,9 @@ register_for_each_vma(struct uprobe *uprobe, struct uprobe_consumer *new) + * returns NULL in find_active_uprobe_rcu(). + */ + mmap_write_lock(mm); ++ if (check_stable_address_space(mm)) ++ goto unlock; ++ + vma = find_vma(mm, info->vaddr); + if (!vma || !valid_vma(vma, is_register) || + file_inode(vma->vm_file) != uprobe->inode) +diff --git a/kernel/fork.c b/kernel/fork.c +index 9b301180fd416..9da032802e347 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -760,7 +760,8 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, + mt_set_in_rcu(vmi.mas.tree); + ksm_fork(mm, oldmm); + khugepaged_fork(mm, oldmm); +- } else if (mpnt) { ++ } else { ++ + /* + * The entire maple tree has already been duplicated. If the + * mmap duplication fails, mark the failure point with +@@ -768,8 +769,18 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, + * stop releasing VMAs that have not been duplicated after this + * point. + */ +- mas_set_range(&vmi.mas, mpnt->vm_start, mpnt->vm_end - 1); +- mas_store(&vmi.mas, XA_ZERO_ENTRY); ++ if (mpnt) { ++ mas_set_range(&vmi.mas, mpnt->vm_start, mpnt->vm_end - 1); ++ mas_store(&vmi.mas, XA_ZERO_ENTRY); ++ /* Avoid OOM iterating a broken tree */ ++ set_bit(MMF_OOM_SKIP, &mm->flags); ++ } ++ /* ++ * The mm_struct is going to exit, but the locks will be dropped ++ * first. Set the mm_struct as unstable is advisable as it is ++ * not fully initialised. ++ */ ++ set_bit(MMF_UNSTABLE, &mm->flags); + } + out: + mmap_write_unlock(mm); +-- +2.39.5 + diff --git a/queue-6.13/risc-v-mark-riscv_v_init-as-__init.patch b/queue-6.13/risc-v-mark-riscv_v_init-as-__init.patch new file mode 100644 index 0000000000..5463ba7d5b --- /dev/null +++ b/queue-6.13/risc-v-mark-riscv_v_init-as-__init.patch @@ -0,0 +1,38 @@ +From 527b4668cd754bd89b650344bdd4e92ce5ee3dc2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 15 Jan 2025 10:02:51 -0800 +Subject: RISC-V: Mark riscv_v_init() as __init + +From: Palmer Dabbelt + +[ Upstream commit 9d87cf525fd2e1a5fcbbb40ee3df216d1d266c88 ] + +This trips up with Xtheadvector enabled, but as far as I can tell it's +just been an issue since the original patchset. + +Fixes: 7ca7a7b9b635 ("riscv: Add sysctl to set the default vector rule for new processes") +Reviewed-by: Charlie Jenkins +Tested-by: Charlie Jenkins +Link: https://lore.kernel.org/r/20250115180251.31444-1-palmer@rivosinc.com +Signed-off-by: Palmer Dabbelt +Signed-off-by: Sasha Levin +--- + arch/riscv/kernel/vector.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/riscv/kernel/vector.c b/arch/riscv/kernel/vector.c +index 821818886fab0..39f0577f580de 100644 +--- a/arch/riscv/kernel/vector.c ++++ b/arch/riscv/kernel/vector.c +@@ -309,7 +309,7 @@ static int __init riscv_v_sysctl_init(void) + static int __init riscv_v_sysctl_init(void) { return 0; } + #endif /* ! CONFIG_SYSCTL */ + +-static int riscv_v_init(void) ++static int __init riscv_v_init(void) + { + return riscv_v_sysctl_init(); + } +-- +2.39.5 + diff --git a/queue-6.13/series b/queue-6.13/series index f3e0418a34..f909c35d91 100644 --- a/queue-6.13/series +++ b/queue-6.13/series @@ -549,3 +549,23 @@ net-xdp-disallow-attaching-device-bound-programs-in-.patch net-ravb-fix-missing-rtnl-lock-in-suspend-resume-pat.patch net-sh_eth-fix-missing-rtnl-lock-in-suspend-resume-p.patch net-hsr-fix-fill_frame_info-regression-vs-vlan-packe.patch +genksyms-fix-memory-leak-when-the-same-symbol-is-add.patch +genksyms-fix-memory-leak-when-the-same-symbol-is-rea.patch +hostfs-fix-string-handling-in-__dentry_name.patch +tools-power-turbostat-fix-pmt-mmaped-file-size-round.patch +kbuild-fix-signing-issue-for-external-modules.patch +risc-v-mark-riscv_v_init-as-__init.patch +asoc-rockchip-i2s_tdm-re-add-the-set_sysclk-callback.patch +io_uring-msg_ring-don-t-leave-potentially-dangling-t.patch +io_uring-uring_cmd-use-cached-cmd_op-in-io_uring_cmd.patch +io_uring-register-use-atomic_read-write-for-sq_flags.patch +asoc-amd-acp-fix-possible-deadlock.patch +tools-power-turbostat-fix-forked-child-affinity-regr.patch +cifs-validate-eas-for-wsl-reparse-points.patch +cifs-fix-getting-and-setting-sacls-over-smb1.patch +kconfig-fix-file-name-in-warnings-when-loading-kconf.patch +kconfig-fix-memory-leak-in-sym_warn_unmet_dep.patch +hexagon-fix-using-plain-integer-as-null-pointer-warn.patch +hexagon-fix-unbalanced-spinlock-in-die.patch +kbuild-fix-clang-lto-with-config_objtool-n.patch +kernel-be-more-careful-about-dup_mmap-failures-and-u.patch diff --git a/queue-6.13/tools-power-turbostat-fix-forked-child-affinity-regr.patch b/queue-6.13/tools-power-turbostat-fix-forked-child-affinity-regr.patch new file mode 100644 index 0000000000..7d6a40540e --- /dev/null +++ b/queue-6.13/tools-power-turbostat-fix-forked-child-affinity-regr.patch @@ -0,0 +1,129 @@ +From 41260220b16711567ad9f4104994b70e1654f054 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 27 Jan 2025 16:42:19 -0600 +Subject: tools/power turbostat: Fix forked child affinity regression + +From: Len Brown + +[ Upstream commit b32c36975da48afc9089f8b61f7b2dcc40e479d2 ] + +In "one-shot" mode, turbostat +1. takes a counter snapshot +2. forks and waits for a child +3. takes the end counter snapshot and prints the result. + +But turbostat counter snapshots currently use affinity to travel +around the system so that counter reads are "local", and this +affinity must be cleared between #1 and #2 above. + +The offending commit removed that reset that allowed the child +to run on cpu_present_set. + +Fix that issue, and improve upon the original by using +cpu_possible_set for the child. This allows the child +to also run on CPUs that hotplug online during its runtime. + +Reported-by: Zhang Rui +Fixes: 7bb3fe27ad4f ("tools/power/turbostat: Obey allowed CPUs during startup") +Signed-off-by: Len Brown +Signed-off-by: Sasha Levin +--- + tools/power/x86/turbostat/turbostat.c | 54 ++++++++++++++++++++++++++- + 1 file changed, 52 insertions(+), 2 deletions(-) + +diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c +index 82e427d597f0f..8ec677c639ece 100644 +--- a/tools/power/x86/turbostat/turbostat.c ++++ b/tools/power/x86/turbostat/turbostat.c +@@ -1096,8 +1096,8 @@ int backwards_count; + char *progname; + + #define CPU_SUBSET_MAXCPUS 1024 /* need to use before probe... */ +-cpu_set_t *cpu_present_set, *cpu_effective_set, *cpu_allowed_set, *cpu_affinity_set, *cpu_subset; +-size_t cpu_present_setsize, cpu_effective_setsize, cpu_allowed_setsize, cpu_affinity_setsize, cpu_subset_size; ++cpu_set_t *cpu_present_set, *cpu_possible_set, *cpu_effective_set, *cpu_allowed_set, *cpu_affinity_set, *cpu_subset; ++size_t cpu_present_setsize, cpu_possible_setsize, cpu_effective_setsize, cpu_allowed_setsize, cpu_affinity_setsize, cpu_subset_size; + #define MAX_ADDED_THREAD_COUNTERS 24 + #define MAX_ADDED_CORE_COUNTERS 8 + #define MAX_ADDED_PACKAGE_COUNTERS 16 +@@ -8294,6 +8294,33 @@ int dir_filter(const struct dirent *dirp) + return 0; + } + ++char *possible_file = "/sys/devices/system/cpu/possible"; ++char possible_buf[1024]; ++ ++int initialize_cpu_possible_set(void) ++{ ++ FILE *fp; ++ ++ fp = fopen(possible_file, "r"); ++ if (!fp) { ++ warn("open %s", possible_file); ++ return -1; ++ } ++ if (fread(possible_buf, sizeof(char), 1024, fp) == 0) { ++ warn("read %s", possible_file); ++ goto err; ++ } ++ if (parse_cpu_str(possible_buf, cpu_possible_set, cpu_possible_setsize)) { ++ warnx("%s: cpu str malformat %s\n", possible_file, cpu_effective_str); ++ goto err; ++ } ++ return 0; ++ ++err: ++ fclose(fp); ++ return -1; ++} ++ + void topology_probe(bool startup) + { + int i; +@@ -8325,6 +8352,16 @@ void topology_probe(bool startup) + CPU_ZERO_S(cpu_present_setsize, cpu_present_set); + for_all_proc_cpus(mark_cpu_present); + ++ /* ++ * Allocate and initialize cpu_possible_set ++ */ ++ cpu_possible_set = CPU_ALLOC((topo.max_cpu_num + 1)); ++ if (cpu_possible_set == NULL) ++ err(3, "CPU_ALLOC"); ++ cpu_possible_setsize = CPU_ALLOC_SIZE((topo.max_cpu_num + 1)); ++ CPU_ZERO_S(cpu_possible_setsize, cpu_possible_set); ++ initialize_cpu_possible_set(); ++ + /* + * Allocate and initialize cpu_effective_set + */ +@@ -9165,6 +9202,18 @@ void turbostat_init() + } + } + ++void affinitize_child(void) ++{ ++ /* Prefer cpu_possible_set, if available */ ++ if (sched_setaffinity(0, cpu_possible_setsize, cpu_possible_set)) { ++ warn("sched_setaffinity cpu_possible_set"); ++ ++ /* Otherwise, allow child to run on same cpu set as turbostat */ ++ if (sched_setaffinity(0, cpu_allowed_setsize, cpu_allowed_set)) ++ warn("sched_setaffinity cpu_allowed_set"); ++ } ++} ++ + int fork_it(char **argv) + { + pid_t child_pid; +@@ -9180,6 +9229,7 @@ int fork_it(char **argv) + child_pid = fork(); + if (!child_pid) { + /* child */ ++ affinitize_child(); + execvp(argv[0], argv); + err(errno, "exec %s", argv[0]); + } else { +-- +2.39.5 + diff --git a/queue-6.13/tools-power-turbostat-fix-pmt-mmaped-file-size-round.patch b/queue-6.13/tools-power-turbostat-fix-pmt-mmaped-file-size-round.patch new file mode 100644 index 0000000000..0c29107432 --- /dev/null +++ b/queue-6.13/tools-power-turbostat-fix-pmt-mmaped-file-size-round.patch @@ -0,0 +1,47 @@ +From 44fa000ca4bdd01c2f3aaadf98914a257a7eef1d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 20 Dec 2024 13:38:34 +0100 +Subject: tools/power turbostat: Fix PMT mmaped file size rounding + +From: Patryk Wlazlyn + +[ Upstream commit 2f60f03934a50bc1fb69bb4f47a25cddd6807b0b ] + +This (the old code) is just not how you round up to a page size. +Noticed on a recent Intel platform. Previous ones must have been +reporting sizes already aligned to a page and so the bug was missed when +testing. + +Fixes: f0e4ed752fda ("tools/power turbostat: Add early support for PMT counters") +Signed-off-by: Patryk Wlazlyn +Signed-off-by: Len Brown +Signed-off-by: Sasha Levin +--- + tools/power/x86/turbostat/turbostat.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c +index 58a487c225a73..82e427d597f0f 100644 +--- a/tools/power/x86/turbostat/turbostat.c ++++ b/tools/power/x86/turbostat/turbostat.c +@@ -95,6 +95,8 @@ + #define INTEL_ECORE_TYPE 0x20 + #define INTEL_PCORE_TYPE 0x40 + ++#define ROUND_UP_TO_PAGE_SIZE(n) (((n) + 0x1000UL-1UL) & ~(0x1000UL-1UL)) ++ + enum counter_scope { SCOPE_CPU, SCOPE_CORE, SCOPE_PACKAGE }; + enum counter_type { COUNTER_ITEMS, COUNTER_CYCLES, COUNTER_SECONDS, COUNTER_USEC, COUNTER_K2M }; + enum counter_format { FORMAT_RAW, FORMAT_DELTA, FORMAT_PERCENT, FORMAT_AVERAGE }; +@@ -8924,7 +8926,7 @@ struct pmt_mmio *pmt_mmio_open(unsigned int target_guid) + if (fd_pmt == -1) + goto loop_cleanup_and_break; + +- mmap_size = (size + 0x1000UL) & (~0x1000UL); ++ mmap_size = ROUND_UP_TO_PAGE_SIZE(size); + mmio = mmap(0, mmap_size, PROT_READ, MAP_SHARED, fd_pmt, 0); + if (mmio != MAP_FAILED) { + +-- +2.39.5 +