From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 11 Apr 2022 15:46:32 +0000 (+0200)
Subject: 5.10-stable patches
X-Git-Tag: v4.9.310~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c9a9fa5f554a49e990611ee787747eb74fa5c271;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
	drivers-hv-vmbus-replace-smp_store_mb-with-virt_store_mb.patch
	irqchip-gic-gic-v3-prevent-gsi-to-sgi-translations.patch
	mm-sparsemem-fix-mem_section-will-never-be-null-gcc-12-warning.patch
---

diff --git a/queue-5.10/drivers-hv-vmbus-replace-smp_store_mb-with-virt_store_mb.patch b/queue-5.10/drivers-hv-vmbus-replace-smp_store_mb-with-virt_store_mb.patch
new file mode 100644
index 00000000000..6805c6e1baf
--- /dev/null
+++ b/queue-5.10/drivers-hv-vmbus-replace-smp_store_mb-with-virt_store_mb.patch
@@ -0,0 +1,49 @@
+From eaa03d34535872d29004cb5cf77dc9dec1ba9a25 Mon Sep 17 00:00:00 2001
+From: "Andrea Parri (Microsoft)" <parri.andrea@gmail.com>
+Date: Mon, 28 Mar 2022 17:44:57 +0200
+Subject: Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
+
+From: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
+
+commit eaa03d34535872d29004cb5cf77dc9dec1ba9a25 upstream.
+
+Following the recommendation in Documentation/memory-barriers.txt for
+virtual machine guests.
+
+Fixes: 8b6a877c060ed ("Drivers: hv: vmbus: Replace the per-CPU channel lists with a global array of channels")
+Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
+Link: https://lore.kernel.org/r/20220328154457.100872-1-parri.andrea@gmail.com
+Signed-off-by: Wei Liu <wei.liu@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hv/channel_mgmt.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/hv/channel_mgmt.c
++++ b/drivers/hv/channel_mgmt.c
+@@ -350,7 +350,7 @@ void vmbus_channel_map_relid(struct vmbu
+ 	 * execute:
+ 	 *
+ 	 *  (a) In the "normal (i.e., not resuming from hibernation)" path,
+-	 *      the full barrier in smp_store_mb() guarantees that the store
++	 *      the full barrier in virt_store_mb() guarantees that the store
+ 	 *      is propagated to all CPUs before the add_channel_work work
+ 	 *      is queued.  In turn, add_channel_work is queued before the
+ 	 *      channel's ring buffer is allocated/initialized and the
+@@ -362,14 +362,14 @@ void vmbus_channel_map_relid(struct vmbu
+ 	 *      recv_int_page before retrieving the channel pointer from the
+ 	 *      array of channels.
+ 	 *
+-	 *  (b) In the "resuming from hibernation" path, the smp_store_mb()
++	 *  (b) In the "resuming from hibernation" path, the virt_store_mb()
+ 	 *      guarantees that the store is propagated to all CPUs before
+ 	 *      the VMBus connection is marked as ready for the resume event
+ 	 *      (cf. check_ready_for_resume_event()).  The interrupt handler
+ 	 *      of the VMBus driver and vmbus_chan_sched() can not run before
+ 	 *      vmbus_bus_resume() has completed execution (cf. resume_noirq).
+ 	 */
+-	smp_store_mb(
++	virt_store_mb(
+ 		vmbus_connection.channels[channel->offermsg.child_relid],
+ 		channel);
+ }
diff --git a/queue-5.10/irqchip-gic-gic-v3-prevent-gsi-to-sgi-translations.patch b/queue-5.10/irqchip-gic-gic-v3-prevent-gsi-to-sgi-translations.patch
new file mode 100644
index 00000000000..33655073571
--- /dev/null
+++ b/queue-5.10/irqchip-gic-gic-v3-prevent-gsi-to-sgi-translations.patch
@@ -0,0 +1,59 @@
+From 544808f7e21cb9ccdb8f3aa7de594c05b1419061 Mon Sep 17 00:00:00 2001
+From: Andre Przywara <andre.przywara@arm.com>
+Date: Mon, 4 Apr 2022 12:08:42 +0100
+Subject: irqchip/gic, gic-v3: Prevent GSI to SGI translations
+
+From: Andre Przywara <andre.przywara@arm.com>
+
+commit 544808f7e21cb9ccdb8f3aa7de594c05b1419061 upstream.
+
+At the moment the GIC IRQ domain translation routine happily converts
+ACPI table GSI numbers below 16 to GIC SGIs (Software Generated
+Interrupts aka IPIs). On the Devicetree side we explicitly forbid this
+translation, actually the function will never return HWIRQs below 16 when
+using a DT based domain translation.
+
+We expect SGIs to be handled in the first part of the function, and any
+further occurrence should be treated as a firmware bug, so add a check
+and print to report this explicitly and avoid lengthy debug sessions.
+
+Fixes: 64b499d8df40 ("irqchip/gic-v3: Configure SGIs as standard interrupts")
+Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20220404110842.2882446-1-andre.przywara@arm.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/irqchip/irq-gic-v3.c |    6 ++++++
+ drivers/irqchip/irq-gic.c    |    6 ++++++
+ 2 files changed, 12 insertions(+)
+
+--- a/drivers/irqchip/irq-gic-v3.c
++++ b/drivers/irqchip/irq-gic-v3.c
+@@ -1467,6 +1467,12 @@ static int gic_irq_domain_translate(stru
+ 		if(fwspec->param_count != 2)
+ 			return -EINVAL;
+ 
++		if (fwspec->param[0] < 16) {
++			pr_err(FW_BUG "Illegal GSI%d translation request\n",
++			       fwspec->param[0]);
++			return -EINVAL;
++		}
++
+ 		*hwirq = fwspec->param[0];
+ 		*type = fwspec->param[1];
+ 
+--- a/drivers/irqchip/irq-gic.c
++++ b/drivers/irqchip/irq-gic.c
+@@ -1094,6 +1094,12 @@ static int gic_irq_domain_translate(stru
+ 		if(fwspec->param_count != 2)
+ 			return -EINVAL;
+ 
++		if (fwspec->param[0] < 16) {
++			pr_err(FW_BUG "Illegal GSI%d translation request\n",
++			       fwspec->param[0]);
++			return -EINVAL;
++		}
++
+ 		*hwirq = fwspec->param[0];
+ 		*type = fwspec->param[1];
+ 
diff --git a/queue-5.10/mm-sparsemem-fix-mem_section-will-never-be-null-gcc-12-warning.patch b/queue-5.10/mm-sparsemem-fix-mem_section-will-never-be-null-gcc-12-warning.patch
new file mode 100644
index 00000000000..866769fe7aa
--- /dev/null
+++ b/queue-5.10/mm-sparsemem-fix-mem_section-will-never-be-null-gcc-12-warning.patch
@@ -0,0 +1,77 @@
+From a431dbbc540532b7465eae4fc8b56a85a9fc7d17 Mon Sep 17 00:00:00 2001
+From: Waiman Long <longman@redhat.com>
+Date: Fri, 8 Apr 2022 13:09:01 -0700
+Subject: mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
+
+From: Waiman Long <longman@redhat.com>
+
+commit a431dbbc540532b7465eae4fc8b56a85a9fc7d17 upstream.
+
+The gcc 12 compiler reports a "'mem_section' will never be NULL" warning
+on the following code:
+
+    static inline struct mem_section *__nr_to_section(unsigned long nr)
+    {
+    #ifdef CONFIG_SPARSEMEM_EXTREME
+        if (!mem_section)
+                return NULL;
+    #endif
+        if (!mem_section[SECTION_NR_TO_ROOT(nr)])
+                return NULL;
+       :
+
+It happens with CONFIG_SPARSEMEM_EXTREME off.  The mem_section definition
+is
+
+    #ifdef CONFIG_SPARSEMEM_EXTREME
+    extern struct mem_section **mem_section;
+    #else
+    extern struct mem_section mem_section[NR_SECTION_ROOTS][SECTIONS_PER_ROOT];
+    #endif
+
+In the !CONFIG_SPARSEMEM_EXTREME case, mem_section is a static
+2-dimensional array and so the check "!mem_section[SECTION_NR_TO_ROOT(nr)]"
+doesn't make sense.
+
+Fix this warning by moving the "!mem_section[SECTION_NR_TO_ROOT(nr)]"
+check up inside the CONFIG_SPARSEMEM_EXTREME block and adding an
+explicit NR_SECTION_ROOTS check to make sure that there is no
+out-of-bound array access.
+
+Link: https://lkml.kernel.org/r/20220331180246.2746210-1-longman@redhat.com
+Fixes: 3e347261a80b ("sparsemem extreme implementation")
+Signed-off-by: Waiman Long <longman@redhat.com>
+Reported-by: Justin Forbes <jforbes@redhat.com>
+Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: Rafael Aquini <aquini@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/mmzone.h |   11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/include/linux/mmzone.h
++++ b/include/linux/mmzone.h
+@@ -1252,13 +1252,16 @@ static inline unsigned long *section_to_
+ 
+ static inline struct mem_section *__nr_to_section(unsigned long nr)
+ {
++	unsigned long root = SECTION_NR_TO_ROOT(nr);
++
++	if (unlikely(root >= NR_SECTION_ROOTS))
++		return NULL;
++
+ #ifdef CONFIG_SPARSEMEM_EXTREME
+-	if (!mem_section)
++	if (!mem_section || !mem_section[root])
+ 		return NULL;
+ #endif
+-	if (!mem_section[SECTION_NR_TO_ROOT(nr)])
+-		return NULL;
+-	return &mem_section[SECTION_NR_TO_ROOT(nr)][nr & SECTION_ROOT_MASK];
++	return &mem_section[root][nr & SECTION_ROOT_MASK];
+ }
+ extern unsigned long __section_nr(struct mem_section *ms);
+ extern size_t mem_section_usage_size(void);
diff --git a/queue-5.10/series b/queue-5.10/series
index 5b8858d52e1..6f549e1b81b 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -165,3 +165,6 @@ selftests-cgroup-make-cg_create-use-0755-for-permission-instead-of-0644.patch
 selftests-cgroup-test-open-time-credential-usage-for-migration-checks.patch
 selftests-cgroup-test-open-time-cgroup-namespace-usage-for-migration-checks.patch
 arm64-module-remove-noload-from-linker-script.patch
+drivers-hv-vmbus-replace-smp_store_mb-with-virt_store_mb.patch
+irqchip-gic-gic-v3-prevent-gsi-to-sgi-translations.patch
+mm-sparsemem-fix-mem_section-will-never-be-null-gcc-12-warning.patch