From: Greg Kroah-Hartman
Date: Sun, 3 Apr 2022 13:50:04 +0000 (+0200)
Subject: 5.16-stable patches
X-Git-Tag: v5.17.2~101
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ca83ea98ac3628aa8dfb75298e9bb4551c1abc92;p=thirdparty%2Fkernel%2Fstable-queue.git
5.16-stable patches
added patches:
acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch
io_uring-fix-memory-leak-of-uid-in-files-registration.patch
platform-chrome-cros_ec_typec-check-for-ec-device.patch
riscv-module-remove-noload.patch
spi-fix-tegra-qspi-example.patch
vhost-handle-error-while-adding-split-ranges-to-iotlb.patch
---
diff --git a/queue-5.16/acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch b/queue-5.16/acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch
new file mode 100644
index 00000000000..5120b20ff75
--- /dev/null
+++ b/queue-5.16/acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch
@@ -0,0 +1,37 @@
+From 40d8abf364bcab23bc715a9221a3c8623956257b Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki"
+Date: Tue, 22 Mar 2022 17:02:05 +0100
+Subject: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
+
+From: Rafael J. Wysocki
+
+commit 40d8abf364bcab23bc715a9221a3c8623956257b upstream.
+
+If the NumEntries field in the _CPC return package is less than 2, do
+not attempt to access the "Revision" element of that package, because
+it may not be present then.
+
+Fixes: 337aadff8e45 ("ACPI: Introduce CPU performance controls using CPPC")
+BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/
+Reported-by: kernel test robot
+Signed-off-by: Rafael J. Wysocki
+Reviewed-by: Huang Rui
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/acpi/cppc_acpi.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/acpi/cppc_acpi.c
++++ b/drivers/acpi/cppc_acpi.c
+@@ -690,6 +690,11 @@ int acpi_cppc_processor_probe(struct acp
+ cpc_obj = &out_obj->package.elements[0];
+ if (cpc_obj->type == ACPI_TYPE_INTEGER) {
+ num_ent = cpc_obj->integer.value;
++ if (num_ent <= 1) {
++ pr_debug("Unexpected _CPC NumEntries value (%d) for CPU:%d\n",
++ num_ent, pr->id);
++ goto out_free;
++ }
+ } else {
+ pr_debug("Unexpected entry type(%d) for NumEntries\n",
+ cpc_obj->type);
diff --git a/queue-5.16/io_uring-fix-memory-leak-of-uid-in-files-registration.patch b/queue-5.16/io_uring-fix-memory-leak-of-uid-in-files-registration.patch
new file mode 100644
index 00000000000..6e95465dfc3
--- /dev/null
+++ b/queue-5.16/io_uring-fix-memory-leak-of-uid-in-files-registration.patch
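Review bot: In acpi_cppc_processor_probe() (drivers/acpi/cppc_acpi.c), the new `num_ent <= 1` guard checks the NumEntries value that the firmware reports inside the package, not the number of elements the package actually holds. A _CPC package that declares two or more entries but carries fewer would still pass, so I would bound the value by the real count as well, e.g. `if (num_ent <= 1 || num_ent > out_obj->package.count) {`. The function body continues outside the hunk, so a later count check may already exist there; if it does not, this one is worth adding. The `%d` in the new pr_debug also assumes num_ent is a signed int, which the hunk does not show.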
@@ -0,0 +1,31 @@
+From c86d18f4aa93e0e66cda0e55827cd03eea6bc5f8 Mon Sep 17 00:00:00 2001
+From: Pavel Begunkov
+Date: Fri, 25 Mar 2022 16:36:31 +0000
+Subject: io_uring: fix memory leak of uid in files registration
+
+From: Pavel Begunkov
+
+commit c86d18f4aa93e0e66cda0e55827cd03eea6bc5f8 upstream.
+
+When there are no files for __io_sqe_files_scm() to process in the
+range, it'll free everything and return. However, it forgets to put uid.
+
+Fixes: 08a451739a9b5 ("io_uring: allow sparse fixed file sets")
+Signed-off-by: Pavel Begunkov
+Link: https://lore.kernel.org/r/accee442376f33ce8aaebb099d04967533efde92.1648226048.git.asml.silence@gmail.com
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/io_uring.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -8180,6 +8180,7 @@ static int __io_sqe_files_scm(struct io_
+ fput(fpl->fp[i]);
+ } else {
+ kfree_skb(skb);
++ free_uid(fpl->user);
+ kfree(fpl);
+ }
+
diff --git a/queue-5.16/platform-chrome-cros_ec_typec-check-for-ec-device.patch b/queue-5.16/platform-chrome-cros_ec_typec-check-for-ec-device.patch
new file mode 100644
index 00000000000..d39c25498d9
--- /dev/null
+++ b/queue-5.16/platform-chrome-cros_ec_typec-check-for-ec-device.patch
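Review bot: The else branch in __io_sqe_files_scm() (fs/io_uring.c) now releases the skb, the uid reference and fpl by hand, and nothing in the hunk says why the uid has to be dropped explicitly on this path only. A one-line comment above the added call would help keep a later edit from reintroducing the leak, for example `/* no files in range: fpl is not handed off, so drop its uid reference here */`. The place where that reference is taken is outside the hunk, so the wording should be checked against it.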
@@ -0,0 +1,48 @@
+From ffebd90532728086007038986900426544e3df4e Mon Sep 17 00:00:00 2001
+From: Prashant Malani
+Date: Wed, 26 Jan 2022 19:02:20 +0000
+Subject: platform/chrome: cros_ec_typec: Check for EC device
+
+From: Prashant Malani
+
+commit ffebd90532728086007038986900426544e3df4e upstream.
+
+The Type C ACPI device on older Chromebooks is not generated correctly
+(since their EC firmware doesn't support the new commands required). In
+such cases, the crafted ACPI device doesn't have an EC parent, and it is
+therefore not useful (it shouldn't be generated in the first place since
+the EC firmware doesn't support any of the Type C commands).
+
+To handle devices which use these older firmware revisions, check for
+the parent EC device handle, and fail the probe if it's not found.
+
+Fixes: fdc6b21e2444 ("platform/chrome: Add Type C connector class driver")
+Reported-by: Alyssa Ross
+Reviewed-by: Tzung-Bi Shih
+Signed-off-by: Prashant Malani
+Acked-by: Heikki Krogerus
+Reviewed-by: Alyssa Ross
+Tested-by: Alyssa Ross
+Link: https://lore.kernel.org/r/20220126190219.3095419-1-pmalani@chromium.org
+Signed-off-by: Benson Leung
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/platform/chrome/cros_ec_typec.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/platform/chrome/cros_ec_typec.c
++++ b/drivers/platform/chrome/cros_ec_typec.c
+@@ -1075,7 +1075,13 @@ static int cros_typec_probe(struct platf
+ return -ENOMEM;
+
+ typec->dev = dev;
++
+ typec->ec = dev_get_drvdata(pdev->dev.parent);
++ if (!typec->ec) {
++ dev_err(dev, "couldn't find parent EC device\n");
++ return -ENODEV;
++ }
++
+ platform_set_drvdata(pdev, typec);
+
+ ret = cros_typec_get_cmd_version(typec);
diff --git a/queue-5.16/riscv-module-remove-noload.patch b/queue-5.16/riscv-module-remove-noload.patch
new file mode 100644
index 00000000000..913f1610cc1
--- /dev/null
+++ b/queue-5.16/riscv-module-remove-noload.patch
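Review bot: In cros_typec_probe() the new check only proves that the parent has some driver data; it does not prove that the parent is a ChromeOS EC device. If the probe ever ran under a parent whose drvdata is a different structure, `typec->ec` would be used as the wrong type by the calls that follow (cros_typec_get_cmd_version() is visible just below). Whether a non-EC parent with non-NULL drvdata can occur is not visible from this hunk, so at minimum a comment stating the assumption would help, e.g. `/* parent must be the cros EC device; NULL drvdata means the ACPI node has no EC parent */`. It is also worth considering whether `dev_err` is the right level, since the commit message describes this as an expected condition on older firmware.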
@@ -0,0 +1,49 @@
+From 60210a3d86dc57ce4a76a366e7841dda746a33f7 Mon Sep 17 00:00:00 2001
+From: Fangrui Song
+Date: Mon, 21 Mar 2022 18:26:17 -0700
+Subject: riscv module: remove (NOLOAD)
+
+From: Fangrui Song
+
+commit 60210a3d86dc57ce4a76a366e7841dda746a33f7 upstream.
+
+On ELF, (NOLOAD) sets the section type to SHT_NOBITS[1]. It is conceptually
+inappropriate for .plt, .got, and .got.plt sections which are always
+SHT_PROGBITS.
+
+In GNU ld, if PLT entries are needed, .plt will be SHT_PROGBITS anyway
+and (NOLOAD) will be essentially ignored. In ld.lld, since
+https://reviews.llvm.org/D118840 ("[ELF] Support (TYPE=) to
+customize the output section type"), ld.lld will report a `section type
+mismatch` error (later changed to a warning). Just remove (NOLOAD) to
+fix the warning.
+
+[1] https://lld.llvm.org/ELF/linker_script.html As of today, "The
+section should be marked as not loadable" on
+https://sourceware.org/binutils/docs/ld/Output-Section-Type.html is
+outdated for ELF.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/1597
+Fixes: ab1ef68e5401 ("RISC-V: Add sections of PLT and GOT for kernel module")
+Reported-by: Nathan Chancellor
+Signed-off-by: Fangrui Song
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/include/asm/module.lds.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/riscv/include/asm/module.lds.h
++++ b/arch/riscv/include/asm/module.lds.h
+@@ -2,8 +2,8 @@
+ /* Copyright (C) 2017 Andes Technology Corporation */
+ #ifdef CONFIG_MODULE_SECTIONS
+ SECTIONS {
+- .plt (NOLOAD) : { BYTE(0) }
+- .got (NOLOAD) : { BYTE(0) }
+- .got.plt (NOLOAD) : { BYTE(0) }
++ .plt : { BYTE(0) }
++ .got : { BYTE(0) }
++ .got.plt : { BYTE(0) }
+ }
+ #endif
diff --git a/queue-5.16/series b/queue-5.16/series
index 5720401c7e7..3e3c31d5acb 100644
--- a/queue-5.16/series
+++ b/queue-5.16/series
@@ -950,3 +950,9 @@ block-fix-the-maximum-minor-value-is-blk_alloc_ext_minor.patch
 revert-virtio-pci-harden-intx-interrupts.patch
 revert-virtio_pci-harden-msi-x-interrupts.patch
 virtio-use-virtio_device_ready-in-virtio_device_restore.patch
+io_uring-fix-memory-leak-of-uid-in-files-registration.patch
+riscv-module-remove-noload.patch
+acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch
+vhost-handle-error-while-adding-split-ranges-to-iotlb.patch
+spi-fix-tegra-qspi-example.patch
+platform-chrome-cros_ec_typec-check-for-ec-device.patch
diff --git a/queue-5.16/spi-fix-tegra-qspi-example.patch b/queue-5.16/spi-fix-tegra-qspi-example.patch
new file mode 100644
index 00000000000..49fb06f9990
--- /dev/null
+++ b/queue-5.16/spi-fix-tegra-qspi-example.patch
@@ -0,0 +1,37 @@
+From 320689a1b543ca1396b3ed43bb18045e4a7ffd79 Mon Sep 17 00:00:00 2001
+From: Jon Hunter
+Date: Mon, 7 Mar 2022 11:35:29 +0000
+Subject: spi: Fix Tegra QSPI example
+
+From: Jon Hunter
+
+commit 320689a1b543ca1396b3ed43bb18045e4a7ffd79 upstream.
+
+When running dt_binding_check on the nvidia,tegra210-quad.yaml binding
+document the following error is reported ...
+
+ nvidia,tegra210-quad.example.dt.yaml:0:0: /example-0/spi@70410000/flash@0:
+ failed to match any schema with compatible: ['spi-nor']
+
+Update the example in the binding document to fix the above error.
+
+Signed-off-by: Jon Hunter
+Fixes: 9684752e5fe3 ("dt-bindings: spi: Add Tegra Quad SPI device tree binding")
+Link: https://lore.kernel.org/r/20220307113529.315685-1-jonathanh@nvidia.com
+Signed-off-by: Mark Brown
+Signed-off-by: Greg Kroah-Hartman
+---
+ Documentation/devicetree/bindings/spi/nvidia,tegra210-quad.yaml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Documentation/devicetree/bindings/spi/nvidia,tegra210-quad.yaml
++++ b/Documentation/devicetree/bindings/spi/nvidia,tegra210-quad.yaml
+@@ -106,7 +106,7 @@ examples:
+ dma-names = "rx", "tx";
+
+ flash@0 {
+- compatible = "spi-nor";
++ compatible = "jedec,spi-nor";
+ reg = <0>;
+ spi-max-frequency = <104000000>;
+ spi-tx-bus-width = <2>;
diff --git a/queue-5.16/vhost-handle-error-while-adding-split-ranges-to-iotlb.patch b/queue-5.16/vhost-handle-error-while-adding-split-ranges-to-iotlb.patch
new file mode 100644
index 00000000000..832ff87c4a3
--- /dev/null
+++ b/queue-5.16/vhost-handle-error-while-adding-split-ranges-to-iotlb.patch
@@ -0,0 +1,40 @@
+From 03a91c9af2c42ae14afafb829a4b7e6589ab5892 Mon Sep 17 00:00:00 2001
+From: Anirudh Rayabharam
+Date: Sat, 12 Mar 2022 19:41:21 +0530
+Subject: vhost: handle error while adding split ranges to iotlb
+
+From: Anirudh Rayabharam
+
+commit 03a91c9af2c42ae14afafb829a4b7e6589ab5892 upstream.
+
+vhost_iotlb_add_range_ctx() handles the range [0, ULONG_MAX] by
+splitting it into two ranges and adding them separately. The return
+value of adding the first range to the iotlb is currently ignored.
+Check the return value and bail out in case of an error.
+
+Signed-off-by: Anirudh Rayabharam
+Link: https://lore.kernel.org/r/20220312141121.4981-1-mail@anirudhrb.com
+Signed-off-by: Michael S. Tsirkin
+Fixes: e2ae38cf3d91 ("vhost: fix hung thread due to erroneous iotlb entries")
+Reviewed-by: Stefano Garzarella
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/vhost/iotlb.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/vhost/iotlb.c
++++ b/drivers/vhost/iotlb.c
+@@ -62,8 +62,12 @@ int vhost_iotlb_add_range_ctx(struct vho
+ */
+ if (start == 0 && last == ULONG_MAX) {
+ u64 mid = last / 2;
++ int err = vhost_iotlb_add_range_ctx(iotlb, start, mid, addr,
++ perm, opaque);
++
++ if (err)
++ return err;
+
+- vhost_iotlb_add_range_ctx(iotlb, start, mid, addr, perm, opaque);
+ addr += mid + 1;
+ start = mid + 1;
+ }
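Review bot: In vhost_iotlb_add_range_ctx() the split path now stops when adding the lower half fails, but the opposite case is still open: if the lower half succeeds and the upper half, added by the code after this block, then fails, the caller gets an error while [0, mid] stays in the IOTLB. That would leave a mapping installed that the caller believes was rejected. The remainder of the function is outside the hunk, so this needs checking there; if the failure path does not already undo the first insertion, removing that range before returning the error (vhost_iotlb_del_range() over 0..mid) would keep the add all-or-nothing.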