From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 21 Apr 2022 10:03:29 +0000 (+0200)
Subject: 5.17-stable patches
X-Git-Tag: v4.9.312~79
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b925dfad7b9443582952de427a12234b894dc88c;p=thirdparty%2Fkernel%2Fstable-queue.git

5.17-stable patches

added patches:
	block-compat_ioctl-fix-range-check-in-blkgetsize.patch
	drm-amd-display-only-set-psr-version-when-valid.patch
	perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
---

diff --git a/queue-5.17/block-compat_ioctl-fix-range-check-in-blkgetsize.patch b/queue-5.17/block-compat_ioctl-fix-range-check-in-blkgetsize.patch
new file mode 100644
index 00000000000..d5fd123c820
--- /dev/null
+++ b/queue-5.17/block-compat_ioctl-fix-range-check-in-blkgetsize.patch
@@ -0,0 +1,36 @@
+From ccf16413e520164eb718cf8b22a30438da80ff23 Mon Sep 17 00:00:00 2001
+From: Khazhismel Kumykov <khazhy@google.com>
+Date: Thu, 14 Apr 2022 15:40:56 -0700
+Subject: block/compat_ioctl: fix range check in BLKGETSIZE
+
+From: Khazhismel Kumykov <khazhy@google.com>
+
+commit ccf16413e520164eb718cf8b22a30438da80ff23 upstream.
+
+kernel ulong and compat_ulong_t may not be same width. Use type directly
+to eliminate mismatches.
+
+This would result in truncation rather than EFBIG for 32bit mode for
+large disks.
+
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Khazhismel Kumykov <khazhy@google.com>
+Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
+Link: https://lore.kernel.org/r/20220414224056.2875681-1-khazhy@google.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ block/ioctl.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/block/ioctl.c
++++ b/block/ioctl.c
+@@ -629,7 +629,7 @@ long compat_blkdev_ioctl(struct file *fi
+ 		return compat_put_long(argp,
+ 			(bdev->bd_disk->bdi->ra_pages * PAGE_SIZE) / 512);
+ 	case BLKGETSIZE:
+-		if (bdev_nr_sectors(bdev) > ~0UL)
++		if (bdev_nr_sectors(bdev) > ~(compat_ulong_t)0)
+ 			return -EFBIG;
+ 		return compat_put_ulong(argp, bdev_nr_sectors(bdev));
+ 
diff --git a/queue-5.17/drm-amd-display-only-set-psr-version-when-valid.patch b/queue-5.17/drm-amd-display-only-set-psr-version-when-valid.patch
new file mode 100644
index 00000000000..aa4dadfbf29
--- /dev/null
+++ b/queue-5.17/drm-amd-display-only-set-psr-version-when-valid.patch
@@ -0,0 +1,42 @@
+From 1210b17dd4ece454d68a9283f391e3b036aeb010 Mon Sep 17 00:00:00 2001
+From: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+Date: Sun, 23 Jan 2022 13:20:02 -0500
+Subject: drm/amd/display: Only set PSR version when valid
+
+From: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+
+commit 1210b17dd4ece454d68a9283f391e3b036aeb010 upstream.
+
+[Why]
+DMCUB will hang if we send a PSR unsupported set version command.
+
+This can occur if we fall-through into the default case in the switch
+statement for PSR version.
+
+[How]
+Add an unsupported check after the switch statement.
+
+Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
+Reviewed-by: Anthony Koo <Anthony.Koo@amd.com>
+Acked-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
+Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: "Limonciello, Mario" <Mario.Limonciello@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c
++++ b/drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c
+@@ -138,6 +138,10 @@ static bool dmub_psr_set_version(struct
+ 		cmd.psr_set_version.psr_set_version_data.version = PSR_VERSION_UNSUPPORTED;
+ 		break;
+ 	}
++
++	if (cmd.psr_set_version.psr_set_version_data.version == PSR_VERSION_UNSUPPORTED)
++		return false;
++
+ 	cmd.psr_set_version.psr_set_version_data.cmd_version = DMUB_CMD_PSR_CONTROL_VERSION_1;
+ 	cmd.psr_set_version.psr_set_version_data.panel_inst = panel_inst;
+ 	cmd.psr_set_version.header.payload_bytes = sizeof(struct dmub_cmd_psr_set_version_data);
diff --git a/queue-5.17/perf-tools-fix-segfault-accessing-sample_id-xyarray.patch b/queue-5.17/perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
new file mode 100644
index 00000000000..a798c5c4fbf
--- /dev/null
+++ b/queue-5.17/perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
@@ -0,0 +1,64 @@
+From a668cc07f990d2ed19424d5c1a529521a9d1cee1 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 13 Apr 2022 14:42:32 +0300
+Subject: perf tools: Fix segfault accessing sample_id xyarray
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit a668cc07f990d2ed19424d5c1a529521a9d1cee1 upstream.
+
+perf_evsel::sample_id is an xyarray which can cause a segfault when
+accessed beyond its size. e.g.
+
+  # perf record -e intel_pt// -C 1 sleep 1
+  Segmentation fault (core dumped)
+  #
+
+That is happening because a dummy event is opened to capture text poke
+events accross all CPUs, however the mmap logic is allocating according
+to the number of user_requested_cpus.
+
+In general, perf sometimes uses the evsel cpus to open events, and
+sometimes the evlist user_requested_cpus. However, it is not necessary
+to determine which case is which because the opened event file
+descriptors are also in an xyarray, the size of whch can be used
+to correctly allocate the size of the sample_id xyarray, because there
+is one ID per file descriptor.
+
+Note, in the affected code path, perf_evsel fd array is subsequently
+used to get the file descriptor for the mmap, so it makes sense for the
+xyarrays to be the same size there.
+
+Fixes: d1a177595b3a824c ("libperf: Adopt perf_evlist__mmap()/munmap() from tools/perf")
+Fixes: 246eba8e9041c477 ("perf tools: Add support for PERF_RECORD_TEXT_POKE")
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Acked-by: Ian Rogers <irogers@google.com>
+Cc: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@kernel.org>
+Cc: stable@vger.kernel.org # 5.5+
+Link: https://lore.kernel.org/r/20220413114232.26914-1-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/lib/perf/evlist.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/tools/lib/perf/evlist.c
++++ b/tools/lib/perf/evlist.c
+@@ -577,7 +577,6 @@ int perf_evlist__mmap_ops(struct perf_ev
+ {
+ 	struct perf_evsel *evsel;
+ 	const struct perf_cpu_map *cpus = evlist->cpus;
+-	const struct perf_thread_map *threads = evlist->threads;
+ 
+ 	if (!ops || !ops->get || !ops->mmap)
+ 		return -EINVAL;
+@@ -589,7 +588,7 @@ int perf_evlist__mmap_ops(struct perf_ev
+ 	perf_evlist__for_each_entry(evlist, evsel) {
+ 		if ((evsel->attr.read_format & PERF_FORMAT_ID) &&
+ 		    evsel->sample_id == NULL &&
+-		    perf_evsel__alloc_id(evsel, perf_cpu_map__nr(cpus), threads->nr) < 0)
++		    perf_evsel__alloc_id(evsel, evsel->fd->max_x, evsel->fd->max_y) < 0)
+ 			return -ENOMEM;
+ 	}
+ 
diff --git a/queue-5.17/series b/queue-5.17/series
index 790e342c663..319cf709ff9 100644
--- a/queue-5.17/series
+++ b/queue-5.17/series
@@ -1 +1,4 @@
 etherdevice-adjust-ether_addr-prototypes-to-silence-wstringop-overead.patch
+perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
+drm-amd-display-only-set-psr-version-when-valid.patch
+block-compat_ioctl-fix-range-check-in-blkgetsize.patch