From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 29 May 2025 11:41:24 +0000 (+0200)
Subject: 5.15-stable patches
X-Git-Tag: v5.4.294~44
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c3b102a278d86de907ff54f2a392181710fc235c;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
	drm-i915-gvt-fix-unterminated-string-initialization-warning.patch
	xen-swiotlb-relax-alignment-requirements.patch
---

diff --git a/queue-5.15/drm-i915-gvt-fix-unterminated-string-initialization-warning.patch b/queue-5.15/drm-i915-gvt-fix-unterminated-string-initialization-warning.patch
new file mode 100644
index 0000000000..3249f8afcb
--- /dev/null
+++ b/queue-5.15/drm-i915-gvt-fix-unterminated-string-initialization-warning.patch
@@ -0,0 +1,63 @@
+From 6881a5a1bf876e747fd99226e671aaaf85bc8e45 Mon Sep 17 00:00:00 2001
+From: Jani Nikula <jani.nikula@intel.com>
+Date: Thu, 27 Mar 2025 14:47:39 +0200
+Subject: drm/i915/gvt: fix unterminated-string-initialization warning
+
+From: Jani Nikula <jani.nikula@intel.com>
+
+commit 2e43ae7dd71cd9bb0d1bce1d3306bf77523feb81 upstream.
+
+Initializing const char opregion_signature[16] = OPREGION_SIGNATURE
+(which is "IntelGraphicsMem") drops the NUL termination of the
+string. This is intentional, but the compiler doesn't know this.
+
+Switch to initializing header->signature directly from the string
+litaral, with sizeof destination rather than source. We don't treat the
+signature as a string other than for initialization; it's really just a
+blob of binary data.
+
+Add a static assert for good measure to cross-check the sizes.
+
+Reported-by: Kees Cook <kees@kernel.org>
+Closes: https://lore.kernel.org/r/20250310222355.work.417-kees@kernel.org
+Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/13934
+Tested-by: Nicolas Chauvet <kwizart@gmail.com>
+Tested-by: Damian Tometzki <damian@riscv-rocks.de>
+Cc: stable@vger.kernel.org
+Reviewed-by: Zhenyu Wang <zhenyuw.linux@gmail.com>
+Link: https://lore.kernel.org/r/20250327124739.2609656-1-jani.nikula@intel.com
+Signed-off-by: Jani Nikula <jani.nikula@intel.com>
+(cherry picked from commit 4f8207469094bd04aad952258ceb9ff4c77b6bfa)
+Signed-off-by: Jani Nikula <jani.nikula@intel.com>
+[nathan: Move static_assert() to top of function to avoid instance of
+         -Wdeclaration-after-statement due to lack of b5ec6fd286df]
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/gvt/opregion.c |    8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/drivers/gpu/drm/i915/gvt/opregion.c
++++ b/drivers/gpu/drm/i915/gvt/opregion.c
+@@ -222,7 +222,8 @@ int intel_vgpu_init_opregion(struct inte
+ 	u8 *buf;
+ 	struct opregion_header *header;
+ 	struct vbt v;
+-	const char opregion_signature[16] = OPREGION_SIGNATURE;
++
++	static_assert(sizeof(header->signature) == sizeof(OPREGION_SIGNATURE) - 1);
+ 
+ 	gvt_dbg_core("init vgpu%d opregion\n", vgpu->id);
+ 	vgpu_opregion(vgpu)->va = (void *)__get_free_pages(GFP_KERNEL |
+@@ -236,8 +237,9 @@ int intel_vgpu_init_opregion(struct inte
+ 	/* emulated opregion with VBT mailbox only */
+ 	buf = (u8 *)vgpu_opregion(vgpu)->va;
+ 	header = (struct opregion_header *)buf;
+-	memcpy(header->signature, opregion_signature,
+-	       sizeof(opregion_signature));
++
++	memcpy(header->signature, OPREGION_SIGNATURE, sizeof(header->signature));
++
+ 	header->size = 0x8;
+ 	header->opregion_ver = 0x02000000;
+ 	header->mboxes = MBOX_VBT;
diff --git a/queue-5.15/series b/queue-5.15/series
index f529727516..4527f0a80d 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -184,3 +184,5 @@ spi-spi-fsl-dspi-halt-the-module-after-a-new-message.patch
 spi-spi-fsl-dspi-reset-sr-flags-before-sending-a-new.patch
 kbuild-disable-wdefault-const-init-unsafe.patch
 i3c-master-svc-fix-implicit-fallthrough-in-svc_i3c_master_ibi_work.patch
+xen-swiotlb-relax-alignment-requirements.patch
+drm-i915-gvt-fix-unterminated-string-initialization-warning.patch
diff --git a/queue-5.15/xen-swiotlb-relax-alignment-requirements.patch b/queue-5.15/xen-swiotlb-relax-alignment-requirements.patch
new file mode 100644
index 0000000000..b9aa3f1b4f
--- /dev/null
+++ b/queue-5.15/xen-swiotlb-relax-alignment-requirements.patch
@@ -0,0 +1,78 @@
+From 85fcb57c983f423180ba6ec5d0034242da05cc54 Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross@suse.com>
+Date: Mon, 10 Feb 2025 08:43:39 +0100
+Subject: xen/swiotlb: relax alignment requirements
+
+From: Juergen Gross <jgross@suse.com>
+
+commit 85fcb57c983f423180ba6ec5d0034242da05cc54 upstream.
+
+When mapping a buffer for DMA via .map_page or .map_sg DMA operations,
+there is no need to check the machine frames to be aligned according
+to the mapped areas size. All what is needed in these cases is that the
+buffer is contiguous at machine level.
+
+So carve out the alignment check from range_straddles_page_boundary()
+and move it to a helper called by xen_swiotlb_alloc_coherent() and
+xen_swiotlb_free_coherent() directly.
+
+Fixes: 9f40ec84a797 ("xen/swiotlb: add alignment check for dma buffers")
+Reported-by: Jan Vejvalka <jan.vejvalka@lfmotol.cuni.cz>
+Tested-by: Jan Vejvalka <jan.vejvalka@lfmotol.cuni.cz>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Harshvardhan Jha <harshvardhan.j.jha@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/xen/swiotlb-xen.c |   18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+--- a/drivers/xen/swiotlb-xen.c
++++ b/drivers/xen/swiotlb-xen.c
+@@ -75,19 +75,21 @@ static inline phys_addr_t xen_dma_to_phy
+ 	return xen_bus_to_phys(dev, dma_to_phys(dev, dma_addr));
+ }
+ 
++static inline bool range_requires_alignment(phys_addr_t p, size_t size)
++{
++	phys_addr_t algn = 1ULL << (get_order(size) + PAGE_SHIFT);
++	phys_addr_t bus_addr = pfn_to_bfn(XEN_PFN_DOWN(p)) << XEN_PAGE_SHIFT;
++
++	return IS_ALIGNED(p, algn) && !IS_ALIGNED(bus_addr, algn);
++}
++
+ static inline int range_straddles_page_boundary(phys_addr_t p, size_t size)
+ {
+ 	unsigned long next_bfn, xen_pfn = XEN_PFN_DOWN(p);
+ 	unsigned int i, nr_pages = XEN_PFN_UP(xen_offset_in_page(p) + size);
+-	phys_addr_t algn = 1ULL << (get_order(size) + PAGE_SHIFT);
+ 
+ 	next_bfn = pfn_to_bfn(xen_pfn);
+ 
+-	/* If buffer is physically aligned, ensure DMA alignment. */
+-	if (IS_ALIGNED(p, algn) &&
+-	    !IS_ALIGNED((phys_addr_t)next_bfn << XEN_PAGE_SHIFT, algn))
+-		return 1;
+-
+ 	for (i = 1; i < nr_pages; i++)
+ 		if (pfn_to_bfn(++xen_pfn) != ++next_bfn)
+ 			return 1;
+@@ -306,7 +308,8 @@ xen_swiotlb_alloc_coherent(struct device
+ 	phys = dma_to_phys(hwdev, *dma_handle);
+ 	dev_addr = xen_phys_to_dma(hwdev, phys);
+ 	if (((dev_addr + size - 1 <= dma_mask)) &&
+-	    !range_straddles_page_boundary(phys, size))
++	    !range_straddles_page_boundary(phys, size) &&
++	    !range_requires_alignment(phys, size))
+ 		*dma_handle = dev_addr;
+ 	else {
+ 		if (xen_create_contiguous_region(phys, order,
+@@ -347,6 +350,7 @@ xen_swiotlb_free_coherent(struct device
+ 
+ 	if (!WARN_ON((dev_addr + size - 1 > dma_mask) ||
+ 		     range_straddles_page_boundary(phys, size)) &&
++	    !range_requires_alignment(phys, size) &&
+ 	    TestClearPageXenRemapped(page))
+ 		xen_destroy_contiguous_region(phys, order);
+