From: Greg Kroah-Hartman
Date: Tue, 28 Mar 2023 12:47:27 +0000 (+0200)
Subject: 6.1-stable patches
X-Git-Tag: v5.15.105~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d185ee4fc831836ade3b913095c214ce79f5e041;p=thirdparty%2Fkernel%2Fstable-queue.git
6.1-stable patches
added patches:
arm64-dts-qcom-sc7280-mark-pcie-controller-as-cache-coherent.patch
arm64-dts-qcom-sm8150-fix-the-iommu-mask-used-for-pcie-controllers.patch
bus-imx-weim-fix-branch-condition-evaluates-to-a-garbage-value.patch
dm-crypt-add-cond_resched-to-dmcrypt_write.patch
dm-crypt-avoid-accessing-uninitialized-tasklet.patch
dm-stats-check-for-and-propagate-alloc_percpu-failure.patch
drm-amd-display-fix-wrong-index-used-in-dccg32_set_dpstreamclk.patch
drm-amdgpu-nv-apply-aspm-quirk-on-intel-adl-amd-navi.patch
drm-amdgpu-reposition-the-gpu-reset-checking-for-reuse.patch
drm-amdgpu-skip-asic-reset-for-apus-when-go-to-s4.patch
drm-bridge-lt8912b-return-eprobe_defer-if-bridge-is-not-found.patch
drm-i915-active-fix-missing-debug-object-activation.patch
drm-i915-preserve-crtc_state-inherited-during-state-clearing.patch
drm-meson-fix-missing-component-unbind-on-bind-errors.patch
firmware-arm_scmi-fix-device-node-validation-for-mailbox-transport.patch
i2c-xgene-slimpro-fix-out-of-bounds-bug-in-xgene_slimpro_i2c_xfer.patch
mm-ksm-fix-race-with-vma-iteration-and-mm_struct-teardown.patch
riscv-handle-zicsr-zifencei-issues-between-clang-and-binutils.patch
riscv-mm-fix-incorrect-asid-argument-when-flushing-tlb.patch
sched-fair-sanitize-vruntime-of-entity-being-migrated.patch
sched-fair-sanitize-vruntime-of-entity-being-placed.patch
soc-qcom-llcc-fix-slice-configuration-values-for-sc8280xp.patch
tee-amdtee-fix-race-condition-in-amdtee_open_session.patch
---
diff --git a/queue-6.1/arm64-dts-qcom-sc7280-mark-pcie-controller-as-cache-coherent.patch b/queue-6.1/arm64-dts-qcom-sc7280-mark-pcie-controller-as-cache-coherent.patch
new file mode 100644
index 00000000000..5a365dae7b8
--- /dev/null
+++ b/queue-6.1/arm64-dts-qcom-sc7280-mark-pcie-controller-as-cache-coherent.patch
@@ -0,0 +1,35 @@
+From 8a63441e83724fee1ef3fd37b237d40d90780766 Mon Sep 17 00:00:00 2001
+From: Krishna chaitanya chundru
+Date: Tue, 28 Feb 2023 17:19:12 +0530
+Subject: arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent
+
+From: Krishna chaitanya chundru
+
+commit 8a63441e83724fee1ef3fd37b237d40d90780766 upstream.
+
+If the controller is not marked as cache coherent, then kernel will
+try to ensure coherency during dma-ops and that may cause data corruption.
+So, mark the PCIe node as dma-coherent as the devices on PCIe bus are
+cache coherent.
+
+Cc: stable@vger.kernel.org
+Fixes: 92e0ee9f83b3 ("arm64: dts: qcom: sc7280: Add PCIe and PHY related node")
+Signed-off-by: Krishna chaitanya chundru
+Signed-off-by: Bjorn Andersson
+Link: https://lore.kernel.org/r/1677584952-17496-1-git-send-email-quic_krichai@quicinc.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm64/boot/dts/qcom/sc7280.dtsi
++++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi
+@@ -2077,6 +2077,8 @@
+ pinctrl-names = "default";
+ pinctrl-0 = <&pcie1_clkreq_n>;
+
++ dma-coherent;
++
+ iommus = <&apps_smmu 0x1c80 0x1>;
+
+ iommu-map = <0x0 &apps_smmu 0x1c80 0x1>,
diff --git a/queue-6.1/arm64-dts-qcom-sm8150-fix-the-iommu-mask-used-for-pcie-controllers.patch b/queue-6.1/arm64-dts-qcom-sm8150-fix-the-iommu-mask-used-for-pcie-controllers.patch
new file mode 100644
index 00000000000..f604edc56f4
--- /dev/null
+++ b/queue-6.1/arm64-dts-qcom-sm8150-fix-the-iommu-mask-used-for-pcie-controllers.patch
@@ -0,0 +1,45 @@
+From 672a58fc7c477e59981653a11241566870fff852 Mon Sep 17 00:00:00 2001
+From: Manivannan Sadhasivam
+Date: Fri, 24 Feb 2023 13:30:45 +0530
+Subject: arm64: dts: qcom: sm8150: Fix the iommu mask used for PCIe controllers
+
+From: Manivannan Sadhasivam
+
+commit 672a58fc7c477e59981653a11241566870fff852 upstream.
+
+The iommu mask should be 0x3f as per Qualcomm internal documentation.
+Without the correct mask, the PCIe transactions from the endpoint will
+result in SMMU faults. Hence, fix it!
+
+Cc: stable@vger.kernel.org # 5.19
+Fixes: a1c86c680533 ("arm64: dts: qcom: sm8150: Add PCIe nodes")
+Signed-off-by: Manivannan Sadhasivam
+Reviewed-by: Konrad Dybcio
+Reviewed-by: Bhupesh Sharma
+Signed-off-by: Bjorn Andersson
+Link: https://lore.kernel.org/r/20230224080045.6577-1-manivannan.sadhasivam@linaro.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/arm64/boot/dts/qcom/sm8150.dtsi | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/boot/dts/qcom/sm8150.dtsi
++++ b/arch/arm64/boot/dts/qcom/sm8150.dtsi
+@@ -1810,7 +1810,7 @@
+ "slave_q2a",
+ "tbu";
+
+- iommus = <&apps_smmu 0x1d80 0x7f>;
++ iommus = <&apps_smmu 0x1d80 0x3f>;
+ iommu-map = <0x0 &apps_smmu 0x1d80 0x1>,
+ <0x100 &apps_smmu 0x1d81 0x1>;
+
+@@ -1909,7 +1909,7 @@
+ assigned-clocks = <&gcc GCC_PCIE_1_AUX_CLK>;
+ assigned-clock-rates = <19200000>;
+
+- iommus = <&apps_smmu 0x1e00 0x7f>;
++ iommus = <&apps_smmu 0x1e00 0x3f>;
+ iommu-map = <0x0 &apps_smmu 0x1e00 0x1>,
+ <0x100 &apps_smmu 0x1e01 0x1>;
+
diff --git a/queue-6.1/bus-imx-weim-fix-branch-condition-evaluates-to-a-garbage-value.patch b/queue-6.1/bus-imx-weim-fix-branch-condition-evaluates-to-a-garbage-value.patch
new file mode 100644
index 00000000000..907190e21bf
--- /dev/null
+++ b/queue-6.1/bus-imx-weim-fix-branch-condition-evaluates-to-a-garbage-value.patch
@@ -0,0 +1,39 @@
+From 1adab2922c58e7ff4fa9f0b43695079402cce876 Mon Sep 17 00:00:00 2001
+From: Ivan Bornyakov
+Date: Mon, 6 Mar 2023 16:25:26 +0300
+Subject: bus: imx-weim: fix branch condition evaluates to a garbage value
+
+From: Ivan Bornyakov
+
+commit 1adab2922c58e7ff4fa9f0b43695079402cce876 upstream.
+
+If bus type is other than imx50_weim_devtype and have no child devices,
+variable 'ret' in function weim_parse_dt() will not be initialized, but
+will be used as branch condition and return value. Fix this by
+initializing 'ret' with 0.
+
+This was discovered with help of clang-analyzer, but the situation is
+quite possible in real life.
+
+Fixes: 52c47b63412b ("bus: imx-weim: improve error handling upon child probe-failure")
+Signed-off-by: Ivan Bornyakov
+Cc: stable@vger.kernel.org
+Reviewed-by: Fabio Estevam
+Signed-off-by: Shawn Guo
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/bus/imx-weim.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/bus/imx-weim.c
++++ b/drivers/bus/imx-weim.c
+@@ -204,8 +204,8 @@ static int weim_parse_dt(struct platform
+ const struct of_device_id *of_id = of_match_device(weim_id_table,
+ &pdev->dev);
+ const struct imx_weim_devtype *devtype = of_id->data;
++ int ret = 0, have_child = 0;
+ struct device_node *child;
+- int ret, have_child = 0;
+ struct weim_priv *priv;
+ void __iomem *base;
+ u32 reg;
diff --git a/queue-6.1/dm-crypt-add-cond_resched-to-dmcrypt_write.patch b/queue-6.1/dm-crypt-add-cond_resched-to-dmcrypt_write.patch
new file mode 100644
index 00000000000..d73949ef713
--- /dev/null
+++ b/queue-6.1/dm-crypt-add-cond_resched-to-dmcrypt_write.patch
@@ -0,0 +1,45 @@
+From fb294b1c0ba982144ca467a75e7d01ff26304e2b Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka
+Date: Mon, 6 Mar 2023 11:17:58 -0500
+Subject: dm crypt: add cond_resched() to dmcrypt_write()
+
+From: Mikulas Patocka
+
+commit fb294b1c0ba982144ca467a75e7d01ff26304e2b upstream.
+
+The loop in dmcrypt_write may be running for unbounded amount of time,
+thus we need cond_resched() in it.
+
+This commit fixes the following warning:
+
+[ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897]
+...
+[ 3391.387210][ C12] Call trace:
+[ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158
+[ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0
+[ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550
+[ 3391.405856][ C12] submit_bio_noacct+0x308/0x380
+[ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt]
+[ 3391.416005][ C12] kthread+0x130/0x138
+[ 3391.419911][ C12] ret_from_fork+0x10/0x18
+
+Reported-by: yangerkun
+Fixes: dc2676210c42 ("dm crypt: offload writes to thread")
+Cc: stable@vger.kernel.org
+Signed-off-by: Mikulas Patocka
+Signed-off-by: Mike Snitzer
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/md/dm-crypt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/md/dm-crypt.c
++++ b/drivers/md/dm-crypt.c
+@@ -1933,6 +1933,7 @@ pop_from_list:
+ io = crypt_io_from_node(rb_first(&write_tree));
+ rb_erase(&io->rb_node, &write_tree);
+ kcryptd_io_write(io);
++ cond_resched();
+ } while (!RB_EMPTY_ROOT(&write_tree));
+ blk_finish_plug(&plug);
+ }
diff --git a/queue-6.1/dm-crypt-avoid-accessing-uninitialized-tasklet.patch b/queue-6.1/dm-crypt-avoid-accessing-uninitialized-tasklet.patch
new file mode 100644
index 00000000000..0612beed512
--- /dev/null
+++ b/queue-6.1/dm-crypt-avoid-accessing-uninitialized-tasklet.patch
@@ -0,0 +1,81 @@ +From d9a02e016aaf5a57fb44e9a5e6da8ccd3b9e2e70 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Wed, 8 Mar 2023 14:39:54 -0500 +Subject: dm crypt: avoid accessing uninitialized tasklet + +From: Mike Snitzer + +commit d9a02e016aaf5a57fb44e9a5e6da8ccd3b9e2e70 upstream. + +When neither "no_read_workqueue" nor "no_write_workqueue" are enabled, +tasklet_trylock() in crypt_dec_pending() may still return false due to +an uninitialized state, and dm-crypt will unnecessarily do io completion +in io_queue workqueue instead of current context. + +Fix this by adding an 'in_tasklet' flag to dm_crypt_io struct and +initialize it to false in crypt_io_init(). Set this flag to true in +kcryptd_queue_crypt() before calling tasklet_schedule(). If set +crypt_dec_pending() will punt io completion to a workqueue. + +This also nicely avoids the tasklet_trylock/unlock hack when tasklets +aren't in use. + +Fixes: 8e14f610159d ("dm crypt: do not call bio_endio() from the dm-crypt tasklet") +Cc: stable@vger.kernel.org +Reported-by: Hou Tao +Suggested-by: Ignat Korchagin +Reviewed-by: Ignat Korchagin +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-crypt.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -71,7 +71,9 @@ struct dm_crypt_io { + struct crypt_config *cc; + struct bio *base_bio; + u8 *integrity_metadata; +- bool integrity_metadata_from_pool; ++ bool integrity_metadata_from_pool:1; ++ bool in_tasklet:1; ++ + struct work_struct work; + struct tasklet_struct tasklet; + +@@ -1728,6 +1730,7 @@ static void crypt_io_init(struct dm_cryp + io->ctx.r.req = NULL; + io->integrity_metadata = NULL; + io->integrity_metadata_from_pool = false; ++ io->in_tasklet = false; + atomic_set(&io->io_pending, 0); + } + +@@ -1773,14 +1776,13 @@ static void crypt_dec_pending(struct dm_ + * our tasklet. 
In this case we need to delay bio_endio() + * execution to after the tasklet is done and dequeued. + */ +- if (tasklet_trylock(&io->tasklet)) { +- tasklet_unlock(&io->tasklet); +- bio_endio(base_bio); ++ if (io->in_tasklet) { ++ INIT_WORK(&io->work, kcryptd_io_bio_endio); ++ queue_work(cc->io_queue, &io->work); + return; + } + +- INIT_WORK(&io->work, kcryptd_io_bio_endio); +- queue_work(cc->io_queue, &io->work); ++ bio_endio(base_bio); + } + + /* +@@ -2229,6 +2231,7 @@ static void kcryptd_queue_crypt(struct d + * it is being executed with irqs disabled. + */ + if (in_hardirq() || irqs_disabled()) { ++ io->in_tasklet = true; + tasklet_init(&io->tasklet, kcryptd_crypt_tasklet, (unsigned long)&io->work); + tasklet_schedule(&io->tasklet); + return; diff --git a/queue-6.1/dm-stats-check-for-and-propagate-alloc_percpu-failure.patch b/queue-6.1/dm-stats-check-for-and-propagate-alloc_percpu-failure.patch new file mode 100644 index 00000000000..7e024911c41 --- /dev/null +++ b/queue-6.1/dm-stats-check-for-and-propagate-alloc_percpu-failure.patch 
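Review bot: In struct dm_crypt_io, `integrity_metadata_from_pool:1` and `in_tasklet:1` now share one storage unit, so the store `io->in_tasklet = true;` in kcryptd_queue_crypt() is a read-modify-write that also rewrites the neighbouring flag. That is only safe while no other context writes either bit concurrently, and the hunks do not show where integrity_metadata_from_pool is written after crypt_io_init(). Either keep both members as plain `bool`, or, once confirmed, add a comment on the struct such as `/* both flags are written only by the submitting context, before the io is queued */`. The bodies of crypt_dec_pending() and kcryptd_queue_crypt() continue outside the hunks.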
@@ -0,0 +1,79 @@ +From d3aa3e060c4a80827eb801fc448debc9daa7c46b Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Thu, 16 Mar 2023 14:55:06 +0800 +Subject: dm stats: check for and propagate alloc_percpu failure + +From: Jiasheng Jiang + +commit d3aa3e060c4a80827eb801fc448debc9daa7c46b upstream. + +Check alloc_precpu()'s return value and return an error from +dm_stats_init() if it fails. Update alloc_dev() to fail if +dm_stats_init() does. + +Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() +even if dm-stats isn't being actively used. + +Fixes: fd2ed4d25270 ("dm: add statistics support") +Cc: stable@vger.kernel.org +Signed-off-by: Jiasheng Jiang +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-stats.c | 7 ++++++- + drivers/md/dm-stats.h | 2 +- + drivers/md/dm.c | 4 +++- + 3 files changed, 10 insertions(+), 3 deletions(-) + +--- a/drivers/md/dm-stats.c ++++ b/drivers/md/dm-stats.c +@@ -188,7 +188,7 @@ static int dm_stat_in_flight(struct dm_s + atomic_read(&shared->in_flight[WRITE]); + } + +-void dm_stats_init(struct dm_stats *stats) ++int dm_stats_init(struct dm_stats *stats) + { + int cpu; + struct dm_stats_last_position *last; +@@ -197,11 +197,16 @@ void dm_stats_init(struct dm_stats *stat + INIT_LIST_HEAD(&stats->list); + stats->precise_timestamps = false; + stats->last = alloc_percpu(struct dm_stats_last_position); ++ if (!stats->last) ++ return -ENOMEM; ++ + for_each_possible_cpu(cpu) { + last = per_cpu_ptr(stats->last, cpu); + last->last_sector = (sector_t)ULLONG_MAX; + last->last_rw = UINT_MAX; + } ++ ++ return 0; + } + + void dm_stats_cleanup(struct dm_stats *stats) +--- a/drivers/md/dm-stats.h ++++ b/drivers/md/dm-stats.h +@@ -21,7 +21,7 @@ struct dm_stats_aux { + unsigned long long duration_ns; + }; + +-void dm_stats_init(struct dm_stats *st); ++int dm_stats_init(struct dm_stats *st); + void dm_stats_cleanup(struct dm_stats *st); + + struct mapped_device; +--- a/drivers/md/dm.c ++++ 
b/drivers/md/dm.c +@@ -2105,7 +2105,9 @@ static struct mapped_device *alloc_dev(i + if (!md->pending_io) + goto bad; + +- dm_stats_init(&md->stats); ++ r = dm_stats_init(&md->stats); ++ if (r < 0) ++ goto bad; + + /* Populate the mapping, nobody knows we exist yet */ + spin_lock(&_minor_lock); diff --git a/queue-6.1/drm-amd-display-fix-wrong-index-used-in-dccg32_set_dpstreamclk.patch b/queue-6.1/drm-amd-display-fix-wrong-index-used-in-dccg32_set_dpstreamclk.patch new file mode 100644 index 00000000000..2113d018387 --- /dev/null +++ b/queue-6.1/drm-amd-display-fix-wrong-index-used-in-dccg32_set_dpstreamclk.patch 
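Review bot: dm_stats_init() now returns an error, but neither the definition nor the prototype in dm-stats.h documents what state `stats` is left in on failure or whether dm_stats_cleanup() may still be called on it. In alloc_dev() the new `goto bad` leads to cleanup code outside the hunk, so it cannot be confirmed from here that the error path avoids the cleanup the commit message warns about. A short comment above the definition, for example `/* Returns 0 or -ENOMEM; on failure stats->last is NULL and dm_stats_cleanup() must not be called */`, would pin the contract, assuming that is the intended rule. The declaration of `r` in alloc_dev() is also outside the hunk.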
@@ -0,0 +1,44 @@ +From 4c94e57c258cb7800aa5f3a9d9597d91291407a9 Mon Sep 17 00:00:00 2001 +From: Hersen Wu +Date: Thu, 9 Mar 2023 16:14:08 -0500 +Subject: drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk + +From: Hersen Wu + +commit 4c94e57c258cb7800aa5f3a9d9597d91291407a9 upstream. + +[Why & How] +When merging commit 9af611f29034 +("drm/amd/display: Fix DCN32 DPSTREAMCLK_CNTL programming"), +index change was not picked up. + +Cc: stable@vger.kernel.org +Cc: Mario Limonciello +Fixes: 9af611f29034 ("drm/amd/display: Fix DCN32 DPSTREAMCLK_CNTL programming") +Reviewed-by: Qingqing Zhuo +Acked-by: Qingqing Zhuo +Signed-off-by: Hersen Wu +Tested-by: Daniel Wheeler +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/display/dc/dcn32/dcn32_dccg.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_dccg.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_dccg.c +index e4472c6be6c3..3fb4bcc34353 100644 +--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_dccg.c ++++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_dccg.c +@@ -271,8 +271,7 @@ static void dccg32_set_dpstreamclk( + dccg32_set_dtbclk_p_src(dccg, src, otg_inst); + + /* enabled to select one of the DTBCLKs for pipe */ +- switch (otg_inst) +- { ++ switch (dp_hpo_inst) { + case 0: + REG_UPDATE_2(DPSTREAMCLK_CNTL, + DPSTREAMCLK0_EN, +-- +2.40.0 + diff --git a/queue-6.1/drm-amdgpu-nv-apply-aspm-quirk-on-intel-adl-amd-navi.patch b/queue-6.1/drm-amdgpu-nv-apply-aspm-quirk-on-intel-adl-amd-navi.patch new file mode 100644 index 00000000000..b6da62c93ad --- /dev/null +++ b/queue-6.1/drm-amdgpu-nv-apply-aspm-quirk-on-intel-adl-amd-navi.patch 
@@ -0,0 +1,124 @@ +From 2b072442f4962231a8516485012bb2d2551ef2fe Mon Sep 17 00:00:00 2001 +From: Kai-Heng Feng +Date: Wed, 15 Mar 2023 20:07:23 +0800 +Subject: drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi + +From: Kai-Heng Feng + +commit 2b072442f4962231a8516485012bb2d2551ef2fe upstream. + +S2idle resume freeze can be observed on Intel ADL + AMD WX5500. This is +caused by commit 0064b0ce85bb ("drm/amd/pm: enable ASPM by default"). + +The root cause is still not clear for now. + +So extend and apply the ASPM quirk from commit e02fe3bc7aba +("drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems"), to +workaround the issue on Navi cards too. + +Fixes: 0064b0ce85bb ("drm/amd/pm: enable ASPM by default") +Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2458 +Reviewed-by: Alex Deucher +Signed-off-by: Kai-Heng Feng +Reviewed-by: Mario Limonciello +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 15 +++++++++++++++ + drivers/gpu/drm/amd/amdgpu/nv.c | 2 +- + drivers/gpu/drm/amd/amdgpu/vi.c | 17 +---------------- + 4 files changed, 18 insertions(+), 17 deletions(-) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h +@@ -1263,6 +1263,7 @@ void amdgpu_device_pci_config_reset(stru + int amdgpu_device_pci_reset(struct amdgpu_device *adev); + bool amdgpu_device_need_post(struct amdgpu_device *adev); + bool amdgpu_device_should_use_aspm(struct amdgpu_device *adev); ++bool amdgpu_device_aspm_support_quirk(void); + + void amdgpu_cs_report_moved_bytes(struct amdgpu_device *adev, u64 num_bytes, + u64 num_vis_bytes); +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +@@ -78,6 +78,10 @@ + + #include + ++#if IS_ENABLED(CONFIG_X86) ++#include ++#endif ++ + MODULE_FIRMWARE("amdgpu/vega10_gpu_info.bin"); + 
MODULE_FIRMWARE("amdgpu/vega12_gpu_info.bin"); + MODULE_FIRMWARE("amdgpu/raven_gpu_info.bin"); +@@ -1353,6 +1357,17 @@ bool amdgpu_device_should_use_aspm(struc + return pcie_aspm_enabled(adev->pdev); + } + ++bool amdgpu_device_aspm_support_quirk(void) ++{ ++#if IS_ENABLED(CONFIG_X86) ++ struct cpuinfo_x86 *c = &cpu_data(0); ++ ++ return !(c->x86 == 6 && c->x86_model == INTEL_FAM6_ALDERLAKE); ++#else ++ return true; ++#endif ++} ++ + /* if we get transitioned to only one device, take VGA back */ + /** + * amdgpu_device_vga_set_decode - enable/disable vga decode +--- a/drivers/gpu/drm/amd/amdgpu/nv.c ++++ b/drivers/gpu/drm/amd/amdgpu/nv.c +@@ -527,7 +527,7 @@ static void nv_pcie_gen3_enable(struct a + + static void nv_program_aspm(struct amdgpu_device *adev) + { +- if (!amdgpu_device_should_use_aspm(adev)) ++ if (!amdgpu_device_should_use_aspm(adev) || !amdgpu_device_aspm_support_quirk()) + return; + + if (!(adev->flags & AMD_IS_APU) && +--- a/drivers/gpu/drm/amd/amdgpu/vi.c ++++ b/drivers/gpu/drm/amd/amdgpu/vi.c +@@ -81,10 +81,6 @@ + #include "mxgpu_vi.h" + #include "amdgpu_dm.h" + +-#if IS_ENABLED(CONFIG_X86) +-#include +-#endif +- + #define ixPCIE_LC_L1_PM_SUBSTATE 0x100100C6 + #define PCIE_LC_L1_PM_SUBSTATE__LC_L1_SUBSTATES_OVERRIDE_EN_MASK 0x00000001L + #define PCIE_LC_L1_PM_SUBSTATE__LC_PCI_PM_L1_2_OVERRIDE_MASK 0x00000002L +@@ -1138,24 +1134,13 @@ static void vi_enable_aspm(struct amdgpu + WREG32_PCIE(ixPCIE_LC_CNTL, data); + } + +-static bool aspm_support_quirk_check(void) +-{ +-#if IS_ENABLED(CONFIG_X86) +- struct cpuinfo_x86 *c = &cpu_data(0); +- +- return !(c->x86 == 6 && c->x86_model == INTEL_FAM6_ALDERLAKE); +-#else +- return true; +-#endif +-} +- + static void vi_program_aspm(struct amdgpu_device *adev) + { + u32 data, data1, orig; + bool bL1SS = false; + bool bClkReqSupport = true; + +- if (!amdgpu_device_should_use_aspm(adev) || !aspm_support_quirk_check()) ++ if (!amdgpu_device_should_use_aspm(adev) || !amdgpu_device_aspm_support_quirk()) + return; + 
+ if (adev->flags & AMD_IS_APU || diff --git a/queue-6.1/drm-amdgpu-reposition-the-gpu-reset-checking-for-reuse.patch b/queue-6.1/drm-amdgpu-reposition-the-gpu-reset-checking-for-reuse.patch new file mode 100644 index 00000000000..28e998bb45e --- /dev/null +++ b/queue-6.1/drm-amdgpu-reposition-the-gpu-reset-checking-for-reuse.patch 
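Review bot: amdgpu_device_aspm_support_quirk() tests `c->x86 == 6 && c->x86_model == INTEL_FAM6_ALDERLAKE` without checking the CPU vendor, so it relies on no other vendor's family 6 part reporting that model number; adding `c->x86_vendor == X86_VENDOR_INTEL &&` would make the intent explicit. The helper is now shared between nv.c and vi.c but has no comment, and its name reads as "quirk applies" while it returns true when ASPM may be programmed. A kernel-doc block stating that it returns false on Alder Lake hosts and true otherwise, including on non-x86 builds, and that only `cpu_data(0)` is inspected, would guard against an inverted call site.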
@@ -0,0 +1,106 @@ +From aaee0ce460b954e08b6e630d7e54b2abb672feb8 Mon Sep 17 00:00:00 2001 +From: Tim Huang +Date: Wed, 15 Mar 2023 15:52:09 +0800 +Subject: drm/amdgpu: reposition the gpu reset checking for reuse + +From: Tim Huang + +commit aaee0ce460b954e08b6e630d7e54b2abb672feb8 upstream. + +Move the amdgpu_acpi_should_gpu_reset out of +CONFIG_SUSPEND to share it with hibernate case. + +Signed-off-by: Tim Huang +Reviewed-by: Alex Deucher +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org # 6.1.x +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 4 +-- + drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 41 +++++++++++++++++-------------- + 2 files changed, 25 insertions(+), 20 deletions(-) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h +@@ -1383,10 +1383,12 @@ int amdgpu_acpi_smart_shift_update(struc + int amdgpu_acpi_pcie_notify_device_ready(struct amdgpu_device *adev); + + void amdgpu_acpi_get_backlight_caps(struct amdgpu_dm_backlight_caps *caps); ++bool amdgpu_acpi_should_gpu_reset(struct amdgpu_device *adev); + void amdgpu_acpi_detect(void); + #else + static inline int amdgpu_acpi_init(struct amdgpu_device *adev) { return 0; } + static inline void amdgpu_acpi_fini(struct amdgpu_device *adev) { } ++static inline bool amdgpu_acpi_should_gpu_reset(struct amdgpu_device *adev) { return false; } + static inline void amdgpu_acpi_detect(void) { } + static inline bool amdgpu_acpi_is_power_shift_control_supported(void) { return false; } + static inline int amdgpu_acpi_power_shift_control(struct amdgpu_device *adev, +@@ -1397,11 +1399,9 @@ static inline int amdgpu_acpi_smart_shif + + #if defined(CONFIG_ACPI) && defined(CONFIG_SUSPEND) + bool amdgpu_acpi_is_s3_active(struct amdgpu_device *adev); +-bool amdgpu_acpi_should_gpu_reset(struct amdgpu_device *adev); + bool amdgpu_acpi_is_s0ix_active(struct amdgpu_device *adev); + #else + static inline bool amdgpu_acpi_is_s0ix_active(struct amdgpu_device *adev) 
{ return false; } +-static inline bool amdgpu_acpi_should_gpu_reset(struct amdgpu_device *adev) { return false; } + static inline bool amdgpu_acpi_is_s3_active(struct amdgpu_device *adev) { return false; } + #endif + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c +@@ -971,6 +971,29 @@ static bool amdgpu_atcs_pci_probe_handle + return true; + } + ++ ++/** ++ * amdgpu_acpi_should_gpu_reset ++ * ++ * @adev: amdgpu_device_pointer ++ * ++ * returns true if should reset GPU, false if not ++ */ ++bool amdgpu_acpi_should_gpu_reset(struct amdgpu_device *adev) ++{ ++ if (adev->flags & AMD_IS_APU) ++ return false; ++ ++ if (amdgpu_sriov_vf(adev)) ++ return false; ++ ++#if IS_ENABLED(CONFIG_SUSPEND) ++ return pm_suspend_target_state != PM_SUSPEND_TO_IDLE; ++#else ++ return true; ++#endif ++} ++ + /* + * amdgpu_acpi_detect - detect ACPI ATIF/ATCS methods + * +@@ -1043,24 +1066,6 @@ bool amdgpu_acpi_is_s3_active(struct amd + } + + /** +- * amdgpu_acpi_should_gpu_reset +- * +- * @adev: amdgpu_device_pointer +- * +- * returns true if should reset GPU, false if not +- */ +-bool amdgpu_acpi_should_gpu_reset(struct amdgpu_device *adev) +-{ +- if (adev->flags & AMD_IS_APU) +- return false; +- +- if (amdgpu_sriov_vf(adev)) +- return false; +- +- return pm_suspend_target_state != PM_SUSPEND_TO_IDLE; +-} +- +-/** + * amdgpu_acpi_is_s0ix_active + * + * @adev: amdgpu_device_pointer diff --git a/queue-6.1/drm-amdgpu-skip-asic-reset-for-apus-when-go-to-s4.patch b/queue-6.1/drm-amdgpu-skip-asic-reset-for-apus-when-go-to-s4.patch new file mode 100644 index 00000000000..1703fc710bc --- /dev/null +++ b/queue-6.1/drm-amdgpu-skip-asic-reset-for-apus-when-go-to-s4.patch 
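Review bot: After the move, amdgpu_acpi_should_gpu_reset() answers differently per configuration: the `!CONFIG_ACPI` stub returns false, the `!CONFIG_SUSPEND` branch returns true, and otherwise it compares `pm_suspend_target_state`. The next patch in this queue calls it from amdgpu_pmops_freeze(), so a kernel built without ACPI would skip `amdgpu_asic_reset()` for discrete GPUs too, although that patch's description only speaks of skipping the reset on APUs. Consider having the stub return `!(adev->flags & AMD_IS_APU)` if the struct definition is visible at that point in amdgpu.h, or extend the kernel-doc to say which value each configuration returns and why. The `amdgpu_sriov_vf()` early return likewise suppresses the freeze-time reset for VFs; the hunk does not say whether that is intended.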
@@ -0,0 +1,47 @@ +From b589626674de94d977e81c99bf7905872b991197 Mon Sep 17 00:00:00 2001 +From: Tim Huang +Date: Thu, 9 Mar 2023 16:27:51 +0800 +Subject: drm/amdgpu: skip ASIC reset for APUs when go to S4 + +From: Tim Huang + +commit b589626674de94d977e81c99bf7905872b991197 upstream. + +For GC IP v11.0.4/11, PSP TMR need to be reserved +for ASIC mode2 reset. But for S4, when psp suspend, +it will destroy the TMR that fails the ASIC reset. + +[ 96.006101] amdgpu 0000:62:00.0: amdgpu: MODE2 reset +[ 100.409717] amdgpu 0000:62:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000011 SMN_C2PMSG_82:0x00000002 +[ 100.411593] amdgpu 0000:62:00.0: amdgpu: Mode2 reset failed! +[ 100.412470] amdgpu 0000:62:00.0: PM: pci_pm_freeze(): amdgpu_pmops_freeze+0x0/0x50 [amdgpu] returns -62 +[ 100.414020] amdgpu 0000:62:00.0: PM: dpm_run_callback(): pci_pm_freeze+0x0/0xd0 returns -62 +[ 100.415311] amdgpu 0000:62:00.0: PM: pci_pm_freeze+0x0/0xd0 returned -62 after 4623202 usecs +[ 100.416608] amdgpu 0000:62:00.0: PM: failed to freeze async: error -62 + +We can skip the reset on APUs, assuming we can resume them +properly. Verified on some GFX11, GFX10 and old GFX9 APUs. + +Signed-off-by: Tim Huang +Reviewed-by: Alex Deucher +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org # 6.1.x +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +@@ -2447,7 +2447,10 @@ static int amdgpu_pmops_freeze(struct de + adev->in_s4 = false; + if (r) + return r; +- return amdgpu_asic_reset(adev); ++ ++ if (amdgpu_acpi_should_gpu_reset(adev)) ++ return amdgpu_asic_reset(adev); ++ return 0; + } + + static int amdgpu_pmops_thaw(struct device *dev) 
diff --git a/queue-6.1/drm-bridge-lt8912b-return-eprobe_defer-if-bridge-is-not-found.patch b/queue-6.1/drm-bridge-lt8912b-return-eprobe_defer-if-bridge-is-not-found.patch new file mode 100644 index 00000000000..ff6a2bbd548 --- /dev/null +++ b/queue-6.1/drm-bridge-lt8912b-return-eprobe_defer-if-bridge-is-not-found.patch @@ -0,0 +1,40 @@ +From 1a70ca89d59c7c8af006d29b965a95ede0abb0da Mon Sep 17 00:00:00 2001 +From: Matheus Castello +Date: Wed, 22 Mar 2023 15:38:21 +0100 +Subject: drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found + +From: Matheus Castello + +commit 1a70ca89d59c7c8af006d29b965a95ede0abb0da upstream. + +Returns EPROBE_DEFER when of_drm_find_bridge() fails, this is consistent +with what all the other DRM bridge drivers are doing and this is +required since the bridge might not be there when the driver is probed +and this should not be a fatal failure. + +Cc: +Fixes: 30e2ae943c26 ("drm/bridge: Introduce LT8912B DSI to HDMI bridge") +Signed-off-by: Matheus Castello +Signed-off-by: Francesco Dolcini +Reviewed-by: Laurent Pinchart +Reviewed-by: Andrzej Hajda +Signed-off-by: Neil Armstrong +Link: https://patchwork.freedesktop.org/patch/msgid/20230322143821.109744-1-francesco@dolcini.it +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/bridge/lontium-lt8912b.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/bridge/lontium-lt8912b.c ++++ b/drivers/gpu/drm/bridge/lontium-lt8912b.c +@@ -659,8 +659,8 @@ static int lt8912_parse_dt(struct lt8912 + + lt->hdmi_port = of_drm_find_bridge(port_node); + if (!lt->hdmi_port) { +- dev_err(lt->dev, "%s: Failed to get hdmi port\n", __func__); +- ret = -ENODEV; ++ ret = -EPROBE_DEFER; ++ dev_err_probe(lt->dev, ret, "%s: Failed to get hdmi port\n", __func__); + goto err_free_host_node; + } + 
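Review bot: In lt8912_parse_dt() the new error path assigns `ret = -EPROBE_DEFER;` and then calls dev_err_probe() while discarding its return value. dev_err_probe() returns the error code it is given, so the two statements can be folded into `ret = dev_err_probe(lt->dev, -EPROBE_DEFER, "%s: Failed to get hdmi port\n", __func__);`, which keeps the code and the logged reason from drifting apart. The rest of the function, including the `err_free_host_node` label, is outside the hunk.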
diff --git a/queue-6.1/drm-i915-active-fix-missing-debug-object-activation.patch b/queue-6.1/drm-i915-active-fix-missing-debug-object-activation.patch new file mode 100644 index 00000000000..5a8b4f48591 --- /dev/null +++ b/queue-6.1/drm-i915-active-fix-missing-debug-object-activation.patch 
@@ -0,0 +1,51 @@ +From e92eb246feb9019b0b137706c934b8891cdfe3c2 Mon Sep 17 00:00:00 2001 +From: Nirmoy Das +Date: Tue, 14 Mar 2023 15:29:14 +0100 +Subject: drm/i915/active: Fix missing debug object activation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Nirmoy Das + +commit e92eb246feb9019b0b137706c934b8891cdfe3c2 upstream. + +debug_active_activate() expected ref->count to be zero +which is not true anymore as __i915_active_activate() calls +debug_active_activate() after incrementing the count. + +v2: No need to check for "ref->count == 1" as __i915_active_activate() +already make sure of that(Janusz). + +References: https://gitlab.freedesktop.org/drm/intel/-/issues/6733 +Fixes: 04240e30ed06 ("drm/i915: Skip taking acquire mutex for no ref->active callback") +Cc: Chris Wilson +Cc: Tvrtko Ursulin +Cc: Thomas Hellström +Cc: Andi Shyti +Cc: intel-gfx@lists.freedesktop.org +Cc: Janusz Krzysztofik +Cc: # v5.10+ +Signed-off-by: Nirmoy Das +Reviewed-by: Janusz Krzysztofik +Reviewed-by: Andrzej Hajda +Link: https://patchwork.freedesktop.org/patch/msgid/20230313114613.9874-1-nirmoy.das@intel.com +(cherry picked from commit bfad380c542438a9b642f8190b7fd37bc77e2723) +Signed-off-by: Jani Nikula +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/i915/i915_active.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/gpu/drm/i915/i915_active.c ++++ b/drivers/gpu/drm/i915/i915_active.c +@@ -92,8 +92,7 @@ static void debug_active_init(struct i91 + static void debug_active_activate(struct i915_active *ref) + { + lockdep_assert_held(&ref->tree_lock); +- if (!atomic_read(&ref->count)) /* before the first inc */ +- debug_object_activate(ref, &active_debug_desc); ++ debug_object_activate(ref, &active_debug_desc); + } + + static void debug_active_deactivate(struct i915_active *ref) 
diff --git a/queue-6.1/drm-i915-preserve-crtc_state-inherited-during-state-clearing.patch b/queue-6.1/drm-i915-preserve-crtc_state-inherited-during-state-clearing.patch new file mode 100644 index 00000000000..c195e12afa2 --- /dev/null +++ b/queue-6.1/drm-i915-preserve-crtc_state-inherited-during-state-clearing.patch 
@@ -0,0 +1,45 @@
+From 3a84f2c6c9558c554a90ec26ad25df92fc5e05b7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?=
+Date: Thu, 23 Feb 2023 17:20:48 +0200
+Subject: drm/i915: Preserve crtc_state->inherited during state clearing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Ville Syrjälä
+
+commit 3a84f2c6c9558c554a90ec26ad25df92fc5e05b7 upstream.
+
+intel_crtc_prepare_cleared_state() is unintentionally losing
+the "inherited" flag. This will happen if intel_initial_commit()
+is forced to go through the full modeset calculations for
+whatever reason.
+
+Afterwards the first real commit from userspace will not get
+forced to the full modeset path, and thus eg. audio state may
+not get recomputed properly. So if the monitor was already
+enabled during boot audio will not work until userspace itself
+does an explicit full modeset.
+
+Cc: stable@vger.kernel.org
+Tested-by: Lee Shawn C
+Signed-off-by: Ville Syrjälä
+Link: https://patchwork.freedesktop.org/patch/msgid/20230223152048.20878-1-ville.syrjala@linux.intel.com
+Reviewed-by: Uma Shankar
+(cherry picked from commit 2553bacaf953b48c59357f5a622282bc0c45adae)
+Signed-off-by: Jani Nikula
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/i915/display/intel_display.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/gpu/drm/i915/display/intel_display.c
++++ b/drivers/gpu/drm/i915/display/intel_display.c
+@@ -5186,6 +5186,7 @@ intel_crtc_prepare_cleared_state(struct
+ * only fields that are know to not cause problems are preserved. */
+
+ saved_state->uapi = crtc_state->uapi;
++ saved_state->inherited = crtc_state->inherited;
+ saved_state->scaler_state = crtc_state->scaler_state;
+ saved_state->shared_dpll = crtc_state->shared_dpll;
+ saved_state->dpll_hw_state = crtc_state->dpll_hw_state;
diff --git a/queue-6.1/drm-meson-fix-missing-component-unbind-on-bind-errors.patch b/queue-6.1/drm-meson-fix-missing-component-unbind-on-bind-errors.patch
new file mode 100644
index 00000000000..4f62aac969d
--- /dev/null
+++ b/queue-6.1/drm-meson-fix-missing-component-unbind-on-bind-errors.patch
@@ -0,0 +1,65 @@
+From ba98413bf45edbf33672e2539e321b851b2cfbd1 Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Mon, 6 Mar 2023 11:35:33 +0100
+Subject: drm/meson: fix missing component unbind on bind errors
+
+From: Johan Hovold
+
+commit ba98413bf45edbf33672e2539e321b851b2cfbd1 upstream.
+
+Make sure to unbind all subcomponents when binding the aggregate device
+fails.
+
+Fixes: a41e82e6c457 ("drm/meson: Add support for components")
+Cc: stable@vger.kernel.org # 4.12
+Cc: Neil Armstrong
+Signed-off-by: Johan Hovold
+Acked-by: Neil Armstrong
+Signed-off-by: Neil Armstrong
+Link: https://patchwork.freedesktop.org/patch/msgid/20230306103533.4915-1-johan+linaro@kernel.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/meson/meson_drv.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+--- a/drivers/gpu/drm/meson/meson_drv.c
++++ b/drivers/gpu/drm/meson/meson_drv.c
+@@ -325,23 +325,23 @@ static int meson_drv_bind_master(struct
+
+ ret = meson_encoder_hdmi_init(priv);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ ret = meson_plane_create(priv);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ ret = meson_overlay_create(priv);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ ret = meson_crtc_create(priv);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ ret = request_irq(priv->vsync_irq, meson_irq, 0, drm->driver->name, drm);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ drm_mode_config_reset(drm);
+
+@@ -359,6 +359,9 @@ static int meson_drv_bind_master(struct
+
+ uninstall_irq:
+ free_irq(priv->vsync_irq, drm);
++unbind_all:
++ if (has_components)
++ component_unbind_all(drm->dev, drm);
+ exit_afbcd:
+ if (priv->afbcd.ops)
+ priv->afbcd.ops->exit(priv);
diff --git a/queue-6.1/firmware-arm_scmi-fix-device-node-validation-for-mailbox-transport.patch b/queue-6.1/firmware-arm_scmi-fix-device-node-validation-for-mailbox-transport.patch
new file mode 100644
index 00000000000..1b865949829
--- /dev/null
+++ b/queue-6.1/firmware-arm_scmi-fix-device-node-validation-for-mailbox-transport.patch 
@@ -0,0 +1,79 @@
+From 2ab4f4018cb6b8010ca5002c3bdc37783b5d28c2 Mon Sep 17 00:00:00 2001
+From: Cristian Marussi
+Date: Tue, 7 Mar 2023 16:23:24 +0000
+Subject: firmware: arm_scmi: Fix device node validation for mailbox transport
+
+From: Cristian Marussi
+
+commit 2ab4f4018cb6b8010ca5002c3bdc37783b5d28c2 upstream.
+
+When mailboxes are used as a transport it is possible to setup the SCMI
+transport layer, depending on the underlying channels configuration, to use
+one or two mailboxes, associated, respectively, to one or two, distinct,
+shared memory areas: any other combination should be treated as invalid.
+
+Add more strict checking of SCMI mailbox transport device node descriptors.
+
+Fixes: 5c8a47a5a91d ("firmware: arm_scmi: Make scmi core independent of the transport type")
+Cc: # 4.19
+Signed-off-by: Cristian Marussi
+Link: https://lore.kernel.org/r/20230307162324.891866-1-cristian.marussi@arm.com
+Signed-off-by: Sudeep Holla
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/firmware/arm_scmi/mailbox.c | 37 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 37 insertions(+)
+
+--- a/drivers/firmware/arm_scmi/mailbox.c
++++ b/drivers/firmware/arm_scmi/mailbox.c
+@@ -52,6 +52,39 @@ static bool mailbox_chan_available(struc
+ "#mbox-cells", idx, NULL);
+ }
+
++static int mailbox_chan_validate(struct device *cdev)
++{
++ int num_mb, num_sh, ret = 0;
++ struct device_node *np = cdev->of_node;
++
++ num_mb = of_count_phandle_with_args(np, "mboxes", "#mbox-cells");
++ num_sh = of_count_phandle_with_args(np, "shmem", NULL);
++ /* Bail out if mboxes and shmem descriptors are inconsistent */
++ if (num_mb <= 0 || num_sh > 2 || num_mb != num_sh) {
++ dev_warn(cdev, "Invalid channel descriptor for '%s'\n",
++ of_node_full_name(np));
++ return -EINVAL;
++ }
++
++ if (num_sh > 1) {
++ struct device_node *np_tx, *np_rx;
++
++ np_tx = of_parse_phandle(np, "shmem", 0);
++ np_rx = of_parse_phandle(np, "shmem", 1);
++ /* SCMI Tx and Rx shared mem areas have to be distinct */
++ if (!np_tx || !np_rx || np_tx == np_rx) {
++ dev_warn(cdev, "Invalid shmem descriptor for '%s'\n",
++ of_node_full_name(np));
++ ret = -EINVAL;
++ }
++
++ of_node_put(np_tx);
++ of_node_put(np_rx);
++ }
++
++ return ret;
++}
++
+ static int mailbox_chan_setup(struct scmi_chan_info *cinfo, struct device *dev,
+ bool tx)
+ {
+@@ -64,6 +97,10 @@ static int mailbox_chan_setup(struct scm
+ resource_size_t size;
+ struct resource res;
+
++ ret = mailbox_chan_validate(cdev);
++ if (ret)
++ return ret;
++
+ smbox = devm_kzalloc(dev, sizeof(*smbox), GFP_KERNEL);
+ if (!smbox)
+ return -ENOMEM;
diff --git a/queue-6.1/i2c-xgene-slimpro-fix-out-of-bounds-bug-in-xgene_slimpro_i2c_xfer.patch b/queue-6.1/i2c-xgene-slimpro-fix-out-of-bounds-bug-in-xgene_slimpro_i2c_xfer.patch
new file mode 100644
index 00000000000..3676561a20e
--- /dev/null
+++ b/queue-6.1/i2c-xgene-slimpro-fix-out-of-bounds-bug-in-xgene_slimpro_i2c_xfer.patch
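Review bot: In `mailbox_chan_validate()` (drivers/firmware/arm_scmi/mailbox.c) the Tx/Rx distinctness test `np_tx == np_rx` compares device-node identity only, so two different `shmem` nodes that describe overlapping memory would still pass; whether that can happen depends on the device tree and is not checked in this hunk. If overlap matters for keeping the two channels apart, the check could resolve both nodes with `of_address_to_resource()` and reject intersecting ranges; at minimum the limit deserves a comment such as `/* Only node identity is checked, not overlap of the reg ranges */`. The helper is called at the top of `mailbox_chan_setup()`, whose body continues outside the hunk, so it presumably runs once per channel and may print the same `dev_warn` twice for one bad node.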
@@ -0,0 +1,37 @@
+From 92fbb6d1296f81f41f65effd7f5f8c0f74943d15 Mon Sep 17 00:00:00 2001
+From: Wei Chen
+Date: Tue, 14 Mar 2023 16:54:21 +0000
+Subject: i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
+
+From: Wei Chen
+
+commit 92fbb6d1296f81f41f65effd7f5f8c0f74943d15 upstream.
+
+The data->block[0] variable comes from user and is a number between
+0-255. Without proper check, the variable may be very large to cause
+an out-of-bounds when performing memcpy in slimpro_i2c_blkwr.
+
+Fix this bug by checking the value of writelen.
+
+Fixes: f6505fbabc42 ("i2c: add SLIMpro I2C device driver on APM X-Gene platform")
+Signed-off-by: Wei Chen
+Cc: stable@vger.kernel.org
+Reviewed-by: Andi Shyti
+Signed-off-by: Wolfram Sang
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/i2c/busses/i2c-xgene-slimpro.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/i2c/busses/i2c-xgene-slimpro.c
++++ b/drivers/i2c/busses/i2c-xgene-slimpro.c
+@@ -308,6 +308,9 @@ static int slimpro_i2c_blkwr(struct slim
+ u32 msg[3];
+ int rc;
+
++ if (writelen > I2C_SMBUS_BLOCK_MAX)
++ return -EINVAL;
++
+ memcpy(ctx->dma_buffer, data, writelen);
+ paddr = dma_map_single(ctx->dev, ctx->dma_buffer, writelen,
+ DMA_TO_DEVICE);
diff --git a/queue-6.1/mm-ksm-fix-race-with-vma-iteration-and-mm_struct-teardown.patch b/queue-6.1/mm-ksm-fix-race-with-vma-iteration-and-mm_struct-teardown.patch
new file mode 100644
index 00000000000..d5698f98740
--- /dev/null
+++ b/queue-6.1/mm-ksm-fix-race-with-vma-iteration-and-mm_struct-teardown.patch
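Review bot: The new guard in `slimpro_i2c_blkwr()` bounds `writelen` by the protocol constant `I2C_SMBUS_BLOCK_MAX` rather than by the capacity of the buffer that the following `memcpy(ctx->dma_buffer, data, writelen)` fills. The declaration of `ctx->dma_buffer` is outside the hunk; if it is an array member, `if (writelen > sizeof(ctx->dma_buffer)) return -EINVAL;` would tie the check to the real destination size, stay correct if that size changes, and not reject a length the buffer can hold. The commit message says the length comes from user-supplied `data->block[0]`, so any sibling path in this driver that sizes a copy from the same value deserves the same check; none is visible here. The function body starts and ends outside the hunk.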
@@ -0,0 +1,64 @@
+From 6db504ce55bdbc575723938fc480713c9183f6a2 Mon Sep 17 00:00:00 2001
+From: "Liam R. Howlett"
+Date: Wed, 8 Mar 2023 17:03:10 -0500
+Subject: mm/ksm: fix race with VMA iteration and mm_struct teardown
+
+From: Liam R. Howlett
+
+commit 6db504ce55bdbc575723938fc480713c9183f6a2 upstream.
+
+exit_mmap() will tear down the VMAs and maple tree with the mmap_lock held
+in write mode. Ensure that the maple tree is still valid by checking
+ksm_test_exit() after taking the mmap_lock in read mode, but before the
+for_each_vma() iterator dereferences a destroyed maple tree.
+
+Since the maple tree is destroyed, the flags telling lockdep to check an
+external lock has been cleared. Skip the for_each_vma() iterator to avoid
+dereferencing a maple tree without the external lock flag, which would
+create a lockdep warning.
+
+Link: https://lkml.kernel.org/r/20230308220310.3119196-1-Liam.Howlett@oracle.com
+Fixes: a5f18ba07276 ("mm/ksm: use vma iterators instead of vma linked list")
+Signed-off-by: Liam R. Howlett
+Reported-by: Pengfei Xu
+ Link: https://lore.kernel.org/lkml/ZAdUUhSbaa6fHS36@xpf.sh.intel.com/
+Reported-by: syzbot+2ee18845e89ae76342c5@syzkaller.appspotmail.com
+ Link: https://syzkaller.appspot.com/bug?id=64a3e95957cd3deab99df7cd7b5a9475af92c93e
+Acked-by: David Hildenbrand
+Cc: Matthew Wilcox (Oracle)
+Cc:
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Greg Kroah-Hartman
+---
+ mm/ksm.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/mm/ksm.c
++++ b/mm/ksm.c
+@@ -960,9 +960,15 @@ static int unmerge_and_remove_all_rmap_i
+
+ mm = mm_slot->slot.mm;
+ mmap_read_lock(mm);
++
++ /*
++ * Exit right away if mm is exiting to avoid lockdep issue in
++ * the maple tree
++ */
++ if (ksm_test_exit(mm))
++ goto mm_exiting;
++
+ for_each_vma(vmi, vma) {
+- if (ksm_test_exit(mm))
+- break;
+ if (!(vma->vm_flags & VM_MERGEABLE) || !vma->anon_vma)
+ continue;
+ err = unmerge_ksm_pages(vma,
+@@ -971,6 +977,7 @@ static int unmerge_and_remove_all_rmap_i
+ goto error;
+ }
+
++mm_exiting:
+ remove_trailing_rmap_items(&mm_slot->rmap_list);
+ mmap_read_unlock(mm);
+
diff --git a/queue-6.1/riscv-handle-zicsr-zifencei-issues-between-clang-and-binutils.patch b/queue-6.1/riscv-handle-zicsr-zifencei-issues-between-clang-and-binutils.patch
new file mode 100644
index 00000000000..6345f9364c5
--- /dev/null
+++ b/queue-6.1/riscv-handle-zicsr-zifencei-issues-between-clang-and-binutils.patch
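Review bot: The comment added in mm/ksm.c before `if (ksm_test_exit(mm)) goto mm_exiting;` gives only the lockdep warning as the reason, while the commit message says the check also keeps `for_each_vma()` from walking a maple tree that `exit_mmap()` has already destroyed. Because the per-iteration `ksm_test_exit()` test is removed in the same hunk, the comment should record why a single check is enough, for example `/* exit_mmap() tears the tree down under the write lock, so one check after mmap_read_lock() suffices; never iterate a destroyed tree */`. The enclosing function starts and ends outside the hunk.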
@@ -0,0 +1,122 @@
+From e89c2e815e76471cb507bd95728bf26da7976430 Mon Sep 17 00:00:00 2001
+From: Nathan Chancellor
+Date: Mon, 13 Mar 2023 16:00:23 -0700
+Subject: riscv: Handle zicsr/zifencei issues between clang and binutils
+
+From: Nathan Chancellor
+
+commit e89c2e815e76471cb507bd95728bf26da7976430 upstream.
+
+There are two related issues that appear in certain combinations with
+clang and GNU binutils.
+
+The first occurs when a version of clang that supports zicsr or zifencei
+via '-march=' [1] (i.e, >= 17.x) is used in combination with a version
+of GNU binutils that do not recognize zicsr and zifencei in the
+'-march=' value (i.e., < 2.36):
+
+ riscv64-linux-gnu-ld: -march=rv64i2p0_m2p0_a2p0_c2p0_zicsr2p0_zifencei2p0: Invalid or unknown z ISA extension: 'zifencei'
+ riscv64-linux-gnu-ld: failed to merge target specific data of file fs/efivarfs/file.o
+ riscv64-linux-gnu-ld: -march=rv64i2p0_m2p0_a2p0_c2p0_zicsr2p0_zifencei2p0: Invalid or unknown z ISA extension: 'zifencei'
+ riscv64-linux-gnu-ld: failed to merge target specific data of file fs/efivarfs/super.o
+
+The second occurs when a version of clang that does not support zicsr or
+zifencei via '-march=' (i.e., <= 16.x) is used in combination with a
+version of GNU as that defaults to a newer ISA base spec, which requires
+specifying zicsr and zifencei in the '-march=' value explicitly (i.e, >=
+2.38):
+
+ ../arch/riscv/kernel/kexec_relocate.S: Assembler messages:
+ ../arch/riscv/kernel/kexec_relocate.S:147: Error: unrecognized opcode `fence.i', extension `zifencei' required
+ clang-12: error: assembler command failed with exit code 1 (use -v to see invocation)
+
+This is the same issue addressed by commit 6df2a016c0c8 ("riscv: fix
+build with binutils 2.38") (see [2] for additional information) but
+older versions of clang miss out on it because the cc-option check
+fails:
+
+ clang-12: error: invalid arch name 'rv64imac_zicsr_zifencei', unsupported standard user-level extension 'zicsr'
+ clang-12: error: invalid arch name 'rv64imac_zicsr_zifencei', unsupported standard user-level extension 'zicsr'
+
+To resolve the first issue, only attempt to add zicsr and zifencei to
+the march string when using the GNU assembler 2.38 or newer, which is
+when the default ISA spec was updated, requiring these extensions to be
+specified explicitly. LLVM implements an older version of the base
+specification for all currently released versions, so these instructions
+are available as part of the 'i' extension. If LLVM's implementation is
+updated in the future, a CONFIG_AS_IS_LLVM condition can be added to
+CONFIG_TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI.
+
+To resolve the second issue, use version 2.2 of the base ISA spec when
+using an older version of clang that does not support zicsr or zifencei
+via '-march=', as that is the spec version most compatible with the one
+clang/LLVM implements and avoids the need to specify zicsr and zifencei
+explicitly due to still being a part of 'i'.
+
+[1]: https://github.com/llvm/llvm-project/commit/22e199e6afb1263c943c0c0d4498694e15bf8a16
+[2]: https://lore.kernel.org/ZAxT7T9Xy1Fo3d5W@aurel32.net/
+
+Cc: stable@vger.kernel.org
+Link: https://github.com/ClangBuiltLinux/linux/issues/1808
+Co-developed-by: Conor Dooley
+Signed-off-by: Conor Dooley
+Signed-off-by: Nathan Chancellor
+Acked-by: Conor Dooley
+Link: https://lore.kernel.org/r/20230313-riscv-zicsr-zifencei-fiasco-v1-1-dd1b7840a551@kernel.org
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/Kconfig | 22 ++++++++++++++++++++++
+ arch/riscv/Makefile | 10 ++++++----
+ 2 files changed, 28 insertions(+), 4 deletions(-)
+
+--- a/arch/riscv/Kconfig
++++ b/arch/riscv/Kconfig
+@@ -442,6 +442,28 @@ config TOOLCHAIN_HAS_ZIHINTPAUSE
+ depends on !32BIT || $(cc-option,-mabi=ilp32 -march=rv32ima_zihintpause)
+ depends on LLD_VERSION >= 150000 || LD_VERSION >= 23600
+
++config TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI
++ def_bool y
++ # https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=aed44286efa8ae8717a77d94b51ac3614e2ca6dc
++ depends on AS_IS_GNU && AS_VERSION >= 23800
++ help
++ Newer binutils versions default to ISA spec version 20191213 which
++ moves some instructions from the I extension to the Zicsr and Zifencei
++ extensions.
++
++config TOOLCHAIN_NEEDS_OLD_ISA_SPEC
++ def_bool y
++ depends on TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI
++ # https://github.com/llvm/llvm-project/commit/22e199e6afb1263c943c0c0d4498694e15bf8a16
++ depends on CC_IS_CLANG && CLANG_VERSION < 170000
++ help
++ Certain versions of clang do not support zicsr and zifencei via -march
++ but newer versions of binutils require it for the reasons noted in the
++ help text of CONFIG_TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI. This
++ option causes an older ISA spec compatible with these older versions
++ of clang to be passed to GAS, which has the same result as passing zicsr
++ and zifencei to -march.
++
+ config FPU
+ bool "FPU support"
+ default y
+--- a/arch/riscv/Makefile
++++ b/arch/riscv/Makefile
+@@ -57,10 +57,12 @@ riscv-march-$(CONFIG_ARCH_RV64I) := rv64
+ riscv-march-$(CONFIG_FPU) := $(riscv-march-y)fd
+ riscv-march-$(CONFIG_RISCV_ISA_C) := $(riscv-march-y)c
+
+-# Newer binutils versions default to ISA spec version 20191213 which moves some
+-# instructions from the I extension to the Zicsr and Zifencei extensions.
+-toolchain-need-zicsr-zifencei := $(call cc-option-yn, -march=$(riscv-march-y)_zicsr_zifencei)
+-riscv-march-$(toolchain-need-zicsr-zifencei) := $(riscv-march-y)_zicsr_zifencei
++ifdef CONFIG_TOOLCHAIN_NEEDS_OLD_ISA_SPEC
++KBUILD_CFLAGS += -Wa,-misa-spec=2.2
++KBUILD_AFLAGS += -Wa,-misa-spec=2.2
++else
++riscv-march-$(CONFIG_TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI) := $(riscv-march-y)_zicsr_zifencei
++endif
+
+ # Check if the toolchain supports Zicbom extension
+ riscv-march-$(CONFIG_TOOLCHAIN_HAS_ZICBOM) := $(riscv-march-y)_zicbom
diff --git a/queue-6.1/riscv-mm-fix-incorrect-asid-argument-when-flushing-tlb.patch b/queue-6.1/riscv-mm-fix-incorrect-asid-argument-when-flushing-tlb.patch
new file mode 100644
index 00000000000..9c8fc46a627
--- /dev/null
+++ b/queue-6.1/riscv-mm-fix-incorrect-asid-argument-when-flushing-tlb.patch
@@ -0,0 +1,59 @@
+From 9a801afd3eb95e1a89aba17321062df06fb49d98 Mon Sep 17 00:00:00 2001
+From: Dylan Jhong
+Date: Mon, 13 Mar 2023 11:49:06 +0800
+Subject: riscv: mm: Fix incorrect ASID argument when flushing TLB
+
+From: Dylan Jhong
+
+commit 9a801afd3eb95e1a89aba17321062df06fb49d98 upstream.
+
+Currently, we pass the CONTEXTID instead of the ASID to the TLB flush
+function. We should only take the ASID field to prevent from touching
+the reserved bit field.
+
+Fixes: 3f1e782998cd ("riscv: add ASID-based tlbflushing methods")
+Signed-off-by: Dylan Jhong
+Reviewed-by: Sergey Matyukevich
+Link: https://lore.kernel.org/r/20230313034906.2401730-1-dylan@andestech.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/include/asm/tlbflush.h | 2 ++
+ arch/riscv/mm/context.c | 2 +-
+ arch/riscv/mm/tlbflush.c | 2 +-
+ 3 files changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/riscv/include/asm/tlbflush.h
++++ b/arch/riscv/include/asm/tlbflush.h
+@@ -12,6 +12,8 @@
+ #include
+
+ #ifdef CONFIG_MMU
++extern unsigned long asid_mask;
++
+ static inline void local_flush_tlb_all(void)
+ {
+ __asm__ __volatile__ ("sfence.vma" : : : "memory");
+--- a/arch/riscv/mm/context.c
++++ b/arch/riscv/mm/context.c
+@@ -22,7 +22,7 @@ DEFINE_STATIC_KEY_FALSE(use_asid_allocat
+
+ static unsigned long asid_bits;
+ static unsigned long num_asids;
+-static unsigned long asid_mask;
++unsigned long asid_mask;
+
+ static atomic_long_t current_version;
+
+--- a/arch/riscv/mm/tlbflush.c
++++ b/arch/riscv/mm/tlbflush.c
+@@ -42,7 +42,7 @@ static void __sbi_tlb_flush_range(struct
+ /* check if the tlbflush needs to be sent to other CPUs */
+ broadcast = cpumask_any_but(cmask, cpuid) < nr_cpu_ids;
+ if (static_branch_unlikely(&use_asid_allocator)) {
+- unsigned long asid = atomic_long_read(&mm->context.id);
++ unsigned long asid = atomic_long_read(&mm->context.id) & asid_mask;
+
+ if (broadcast) {
+ sbi_remote_sfence_vma_asid(cmask, start, size, asid);
diff --git a/queue-6.1/sched-fair-sanitize-vruntime-of-entity-being-migrated.patch b/queue-6.1/sched-fair-sanitize-vruntime-of-entity-being-migrated.patch
new file mode 100644
index 00000000000..d60613c0b14
--- /dev/null
+++ b/queue-6.1/sched-fair-sanitize-vruntime-of-entity-being-migrated.patch
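Review bot: In arch/riscv/mm/context.c `asid_mask` loses `static` and becomes a writable kernel-wide symbol with a generic, unprefixed name, while `__sbi_tlb_flush_range()` now depends on it to derive the ASID passed to the remote flush. Where the variable is assigned is not visible in these hunks; if it is only written during boot, declaring it `unsigned long asid_mask __ro_after_init;` would keep a later stray write from changing which address space gets flushed. A short comment on the `extern` in tlbflush.h saying the value is only meaningful when `use_asid_allocator` is enabled would also help, since the one use shown sits inside that branch.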
@@ -0,0 +1,131 @@
+From a53ce18cacb477dd0513c607f187d16f0fa96f71 Mon Sep 17 00:00:00 2001
+From: Vincent Guittot
+Date: Fri, 17 Mar 2023 17:08:10 +0100
+Subject: sched/fair: Sanitize vruntime of entity being migrated
+
+From: Vincent Guittot
+
+commit a53ce18cacb477dd0513c607f187d16f0fa96f71 upstream.
+
+Commit 829c1651e9c4 ("sched/fair: sanitize vruntime of entity being placed")
+fixes an overflowing bug, but ignore a case that se->exec_start is reset
+after a migration.
+
+For fixing this case, we delay the reset of se->exec_start after
+placing the entity which se->exec_start to detect long sleeping task.
+
+In order to take into account a possible divergence between the clock_task
+of 2 rqs, we increase the threshold to around 104 days.
+
+Fixes: 829c1651e9c4 ("sched/fair: sanitize vruntime of entity being placed")
+Originally-by: Zhang Qiao
+Signed-off-by: Vincent Guittot
+Signed-off-by: Peter Zijlstra (Intel)
+Tested-by: Zhang Qiao
+Link: https://lore.kernel.org/r/20230317160810.107988-1-vincent.guittot@linaro.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/sched/core.c | 3 ++
+ kernel/sched/fair.c | 53 ++++++++++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 46 insertions(+), 10 deletions(-)
+
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -2082,6 +2082,9 @@ static inline void dequeue_task(struct r
+
+ void activate_task(struct rq *rq, struct task_struct *p, int flags)
+ {
++ if (task_on_rq_migrating(p))
++ flags |= ENQUEUE_MIGRATED;
++
+ enqueue_task(rq, p, flags);
+
+ p->on_rq = TASK_ON_RQ_QUEUED;
+--- a/kernel/sched/fair.c
++++ b/kernel/sched/fair.c
+@@ -4636,11 +4636,33 @@ static void check_spread(struct cfs_rq *
+ #endif
+ }
+
++static inline bool entity_is_long_sleeper(struct sched_entity *se)
++{
++ struct cfs_rq *cfs_rq;
++ u64 sleep_time;
++
++ if (se->exec_start == 0)
++ return false;
++
++ cfs_rq = cfs_rq_of(se);
++
++ sleep_time = rq_clock_task(rq_of(cfs_rq));
++
++ /* Happen while migrating because of clock task divergence */
++ if (sleep_time <= se->exec_start)
++ return false;
++
++ sleep_time -= se->exec_start;
++ if (sleep_time > ((1ULL << 63) / scale_load_down(NICE_0_LOAD)))
++ return true;
++
++ return false;
++}
++
+ static void
+ place_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, int initial)
+ {
+ u64 vruntime = cfs_rq->min_vruntime;
+- u64 sleep_time;
+
+ /*
+ * The 'current' period is already promised to the current tasks,
+@@ -4672,13 +4694,24 @@ place_entity(struct cfs_rq *cfs_rq, stru
+
+ /*
+ * Pull vruntime of the entity being placed to the base level of
+- * cfs_rq, to prevent boosting it if placed backwards. If the entity
+- * slept for a long time, don't even try to compare its vruntime with
+- * the base as it may be too far off and the comparison may get
+- * inversed due to s64 overflow.
++ * cfs_rq, to prevent boosting it if placed backwards.
++ * However, min_vruntime can advance much faster than real time, with
++ * the extreme being when an entity with the minimal weight always runs
++ * on the cfs_rq. If the waking entity slept for a long time, its
++ * vruntime difference from min_vruntime may overflow s64 and their
++ * comparison may get inversed, so ignore the entity's original
++ * vruntime in that case.
++ * The maximal vruntime speedup is given by the ratio of normal to
++ * minimal weight: scale_load_down(NICE_0_LOAD) / MIN_SHARES.
++ * When placing a migrated waking entity, its exec_start has been set
++ * from a different rq. In order to take into account a possible
++ * divergence between new and prev rq's clocks task because of irq and
++ * stolen time, we take an additional margin.
++ * So, cutting off on the sleep time of
++ * 2^63 / scale_load_down(NICE_0_LOAD) ~ 104 days
++ * should be safe.
+ */
+- sleep_time = rq_clock_task(rq_of(cfs_rq)) - se->exec_start;
+- if ((s64)sleep_time > 60LL * NSEC_PER_SEC)
++ if (entity_is_long_sleeper(se))
+ se->vruntime = vruntime;
+ else
+ se->vruntime = max_vruntime(se->vruntime, vruntime);
+@@ -4758,6 +4791,9 @@ enqueue_entity(struct cfs_rq *cfs_rq, st
+
+ if (flags & ENQUEUE_WAKEUP)
+ place_entity(cfs_rq, se, 0);
++ /* Entity has migrated, no longer consider this task hot */
++ if (flags & ENQUEUE_MIGRATED)
++ se->exec_start = 0;
+
+ check_schedstat_required();
+ update_stats_enqueue_fair(cfs_rq, se, flags);
+@@ -7460,9 +7496,6 @@ static void migrate_task_rq_fair(struct
+ /* Tell new CPU we are migrated */
+ se->avg.last_update_time = 0;
+
+- /* We have migrated, no longer consider this task hot */
+- se->exec_start = 0;
+-
+ update_scan_period(p, new_cpu);
+ }
+
diff --git a/queue-6.1/sched-fair-sanitize-vruntime-of-entity-being-placed.patch b/queue-6.1/sched-fair-sanitize-vruntime-of-entity-being-placed.patch
new file mode 100644
index 00000000000..a1166157177
--- /dev/null
+++ b/queue-6.1/sched-fair-sanitize-vruntime-of-entity-being-placed.patch
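Review bot: Moving `se->exec_start = 0` from `migrate_task_rq_fair()` into `enqueue_entity()` makes the reset depend on every enqueue of a migrated task carrying `ENQUEUE_MIGRATED`, and these hunks show the flag being added only in `activate_task()`. Enqueue paths outside the hunks cannot be checked from here; one that omits the flag would leave `exec_start` holding a value taken from the previous rq's clock. In `entity_is_long_sleeper()` the cutoff `(1ULL << 63) / scale_load_down(NICE_0_LOAD)` and the early return for `exec_start == 0` are explained only in the `place_entity()` comment further down, so a one-line comment on the helper, e.g. `/* exec_start == 0 is treated as "not a long sleeper"; cutoff explained in place_entity() */`, would let it be read on its own.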
@@ -0,0 +1,65 @@
+From 829c1651e9c4a6f78398d3e67651cef9bb6b42cc Mon Sep 17 00:00:00 2001
+From: Zhang Qiao
+Date: Mon, 30 Jan 2023 13:22:16 +0100
+Subject: sched/fair: sanitize vruntime of entity being placed
+
+From: Zhang Qiao
+
+commit 829c1651e9c4a6f78398d3e67651cef9bb6b42cc upstream.
+
+When a scheduling entity is placed onto cfs_rq, its vruntime is pulled
+to the base level (around cfs_rq->min_vruntime), so that the entity
+doesn't gain extra boost when placed backwards.
+
+However, if the entity being placed wasn't executed for a long time, its
+vruntime may get too far behind (e.g. while cfs_rq was executing a
+low-weight hog), which can inverse the vruntime comparison due to s64
+overflow. This results in the entity being placed with its original
+vruntime way forwards, so that it will effectively never get to the cpu.
+
+To prevent that, ignore the vruntime of the entity being placed if it
+didn't execute for much longer than the characteristic sheduler time
+scale.
+
+[rkagan: formatted, adjusted commit log, comments, cutoff value]
+Signed-off-by: Zhang Qiao
+Co-developed-by: Roman Kagan
+Signed-off-by: Roman Kagan
+Signed-off-by: Peter Zijlstra (Intel)
+Link: https://lkml.kernel.org/r/20230130122216.3555094-1-rkagan@amazon.de
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/sched/fair.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+--- a/kernel/sched/fair.c
++++ b/kernel/sched/fair.c
+@@ -4640,6 +4640,7 @@ static void
+ place_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, int initial)
+ {
+ u64 vruntime = cfs_rq->min_vruntime;
++ u64 sleep_time;
+
+ /*
+ * The 'current' period is already promised to the current tasks,
+@@ -4669,8 +4670,18 @@ place_entity(struct cfs_rq *cfs_rq, stru
+ vruntime -= thresh;
+ }
+
+- /* ensure we never gain time by being placed backwards. */
+- se->vruntime = max_vruntime(se->vruntime, vruntime);
++ /*
++ * Pull vruntime of the entity being placed to the base level of
++ * cfs_rq, to prevent boosting it if placed backwards. If the entity
++ * slept for a long time, don't even try to compare its vruntime with
++ * the base as it may be too far off and the comparison may get
++ * inversed due to s64 overflow.
++ */
++ sleep_time = rq_clock_task(rq_of(cfs_rq)) - se->exec_start;
++ if ((s64)sleep_time > 60LL * NSEC_PER_SEC)
++ se->vruntime = vruntime;
++ else
++ se->vruntime = max_vruntime(se->vruntime, vruntime);
+ }
+
+ static void check_enqueue_throttle(struct cfs_rq *cfs_rq);
diff --git a/queue-6.1/series b/queue-6.1/series
index 1d1da4cecd3..1e002bb317f 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -195,3 +195,26 @@ ksmbd-return-status_not_supported-on-unsupported-smb2.0-dialect.patch
 ksmbd-return-unsupported-error-on-smb1-mount.patch
 wifi-mac80211-fix-qos-on-mesh-interfaces.patch
 nilfs2-fix-kernel-infoleak-in-nilfs_ioctl_wrap_copy.patch
+drm-bridge-lt8912b-return-eprobe_defer-if-bridge-is-not-found.patch
+drm-amd-display-fix-wrong-index-used-in-dccg32_set_dpstreamclk.patch
+drm-meson-fix-missing-component-unbind-on-bind-errors.patch
+drm-amdgpu-nv-apply-aspm-quirk-on-intel-adl-amd-navi.patch
+drm-i915-active-fix-missing-debug-object-activation.patch
+drm-i915-preserve-crtc_state-inherited-during-state-clearing.patch
+drm-amdgpu-skip-asic-reset-for-apus-when-go-to-s4.patch
+drm-amdgpu-reposition-the-gpu-reset-checking-for-reuse.patch
+riscv-mm-fix-incorrect-asid-argument-when-flushing-tlb.patch
+riscv-handle-zicsr-zifencei-issues-between-clang-and-binutils.patch
+tee-amdtee-fix-race-condition-in-amdtee_open_session.patch
+firmware-arm_scmi-fix-device-node-validation-for-mailbox-transport.patch
+arm64-dts-qcom-sc7280-mark-pcie-controller-as-cache-coherent.patch
+arm64-dts-qcom-sm8150-fix-the-iommu-mask-used-for-pcie-controllers.patch
+soc-qcom-llcc-fix-slice-configuration-values-for-sc8280xp.patch
+mm-ksm-fix-race-with-vma-iteration-and-mm_struct-teardown.patch
+bus-imx-weim-fix-branch-condition-evaluates-to-a-garbage-value.patch
+i2c-xgene-slimpro-fix-out-of-bounds-bug-in-xgene_slimpro_i2c_xfer.patch
+dm-stats-check-for-and-propagate-alloc_percpu-failure.patch
+dm-crypt-add-cond_resched-to-dmcrypt_write.patch
+dm-crypt-avoid-accessing-uninitialized-tasklet.patch
+sched-fair-sanitize-vruntime-of-entity-being-placed.patch
+sched-fair-sanitize-vruntime-of-entity-being-migrated.patch
diff --git a/queue-6.1/soc-qcom-llcc-fix-slice-configuration-values-for-sc8280xp.patch b/queue-6.1/soc-qcom-llcc-fix-slice-configuration-values-for-sc8280xp.patch
new file mode 100644
index 00000000000..34432122f41
--- /dev/null
+++ b/queue-6.1/soc-qcom-llcc-fix-slice-configuration-values-for-sc8280xp.patch 
@@ -0,0 +1,45 @@
+From 77bf4b3ed42e31d29b255fcd6530fb7a1e217e89 Mon Sep 17 00:00:00 2001
+From: Abel Vesa
+Date: Mon, 6 Mar 2023 15:55:27 +0200
+Subject: soc: qcom: llcc: Fix slice configuration values for SC8280XP
+
+From: Abel Vesa
+
+commit 77bf4b3ed42e31d29b255fcd6530fb7a1e217e89 upstream.
+
+The slice IDs for CVPFW, CPUSS1 and CPUWHT currently overflow the 32bit
+LLCC config registers, which means it is writing beyond the upper limit
+of the ATTR0_CFGn and ATTR1_CFGn range of registers. But the most obvious
+impact is the fact that the mentioned slices do not get configured at all,
+which will result in reduced performance. Fix that by using the slice ID
+values taken from the latest LLCC SC table.
+
+Fixes: ec69dfbdc426 ("soc: qcom: llcc: Add sc8180x and sc8280xp configurations")
+Cc: stable@vger.kernel.org # 5.19+
+Signed-off-by: Abel Vesa
+Tested-by: Juerg Haefliger
+Reviewed-by: Sai Prakash Ranjan
+Acked-by: Konrad Dybcio
+Reviewed-by: Johan Hovold
+Signed-off-by: Bjorn Andersson
+Link: https://lore.kernel.org/r/20230306135527.509796-1-abel.vesa@linaro.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/soc/qcom/llcc-qcom.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/soc/qcom/llcc-qcom.c
++++ b/drivers/soc/qcom/llcc-qcom.c
+@@ -170,9 +170,9 @@ static const struct llcc_slice_config sc
+ { LLCC_CVP, 28, 512, 3, 1, 0xfff, 0x0, 0, 0, 0, 1, 0, 0 },
+ { LLCC_APTCM, 30, 1024, 3, 1, 0x0, 0x1, 1, 0, 0, 1, 0, 0 },
+ { LLCC_WRCACHE, 31, 1024, 1, 1, 0xfff, 0x0, 0, 0, 0, 0, 1, 0 },
+- { LLCC_CVPFW, 32, 512, 1, 0, 0xfff, 0x0, 0, 0, 0, 1, 0, 0 },
+- { LLCC_CPUSS1, 33, 2048, 1, 1, 0xfff, 0x0, 0, 0, 0, 1, 0, 0 },
+- { LLCC_CPUHWT, 36, 512, 1, 1, 0xfff, 0x0, 0, 0, 0, 0, 1, 0 },
++ { LLCC_CVPFW, 17, 512, 1, 0, 0xfff, 0x0, 0, 0, 0, 1, 0, 0 },
++ { LLCC_CPUSS1, 3, 2048, 1, 1, 0xfff, 0x0, 0, 0, 0, 1, 0, 0 },
++ { LLCC_CPUHWT, 5, 512, 1, 1, 0xfff, 0x0, 0, 0, 0, 0, 1, 0 },
+ };
+
+ static const struct llcc_slice_config sdm845_data[] = {
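Review bot: Only three values in the slice table of drivers/soc/qcom/llcc-qcom.c change; nothing in this hunk rejects a slice ID that is too large, although the commit message says the old IDs (32, 33 and 36) led to writes beyond the ATTR0_CFGn/ATTR1_CFGn register range. The code that turns a slice ID into a register offset is outside the hunk; a range check there, or a build-time assertion over the table, would turn a future bad entry into an error instead of an out-of-range register write. At minimum a comment above the table stating the valid ID range would document the constraint this fix restores.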
diff --git a/queue-6.1/tee-amdtee-fix-race-condition-in-amdtee_open_session.patch b/queue-6.1/tee-amdtee-fix-race-condition-in-amdtee_open_session.patch
new file mode 100644
index 00000000000..65eeb9d8123
--- /dev/null
+++ b/queue-6.1/tee-amdtee-fix-race-condition-in-amdtee_open_session.patch
@@ -0,0 +1,84 @@ +From f8502fba45bd30e1a6a354d9d898bc99d1a11e6d Mon Sep 17 00:00:00 2001 +From: Rijo Thomas +Date: Tue, 28 Feb 2023 15:11:20 +0530 +Subject: tee: amdtee: fix race condition in amdtee_open_session + +From: Rijo Thomas + +commit f8502fba45bd30e1a6a354d9d898bc99d1a11e6d upstream. + +There is a potential race condition in amdtee_open_session that may +lead to use-after-free. For instance, in amdtee_open_session() after +sess->sess_mask is set, and before setting: + + sess->session_info[i] = session_info; + +if amdtee_close_session() closes this same session, then 'sess' data +structure will be released, causing kernel panic when 'sess' is +accessed within amdtee_open_session(). + +The solution is to set the bit sess->sess_mask as the last step in +amdtee_open_session(). + +Fixes: 757cc3e9ff1d ("tee: add AMD-TEE driver") +Cc: stable@vger.kernel.org +Signed-off-by: Rijo Thomas +Acked-by: Sumit Garg +Signed-off-by: Jens Wiklander +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tee/amdtee/core.c | 29 ++++++++++++++--------------- + 1 file changed, 14 insertions(+), 15 deletions(-) + +--- a/drivers/tee/amdtee/core.c ++++ b/drivers/tee/amdtee/core.c +@@ -267,35 +267,34 @@ int amdtee_open_session(struct tee_conte + goto out; + } + ++ /* Open session with loaded TA */ ++ handle_open_session(arg, &session_info, param); ++ if (arg->ret != TEEC_SUCCESS) { ++ pr_err("open_session failed %d\n", arg->ret); ++ handle_unload_ta(ta_handle); ++ kref_put(&sess->refcount, destroy_session); ++ goto out; ++ } ++ + /* Find an empty session index for the given TA */ + spin_lock(&sess->lock); + i = find_first_zero_bit(sess->sess_mask, TEE_NUM_SESSIONS); +- if (i < TEE_NUM_SESSIONS) ++ if (i < TEE_NUM_SESSIONS) { ++ sess->session_info[i] = session_info; ++ set_session_id(ta_handle, i, &arg->session); + set_bit(i, sess->sess_mask); ++ } + spin_unlock(&sess->lock); + + if (i >= TEE_NUM_SESSIONS) { + pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS); ++ 
handle_close_session(ta_handle, session_info); + handle_unload_ta(ta_handle); + kref_put(&sess->refcount, destroy_session); + rc = -ENOMEM; + goto out; + } + +- /* Open session with loaded TA */ +- handle_open_session(arg, &session_info, param); +- if (arg->ret != TEEC_SUCCESS) { +- pr_err("open_session failed %d\n", arg->ret); +- spin_lock(&sess->lock); +- clear_bit(i, sess->sess_mask); +- spin_unlock(&sess->lock); +- handle_unload_ta(ta_handle); +- kref_put(&sess->refcount, destroy_session); +- goto out; +- } +- +- sess->session_info[i] = session_info; +- set_session_id(ta_handle, i, &arg->session); + out: + free_pages((u64)ta, get_order(ta_size)); + return rc;
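Review bot: The ordering this fix relies on is not written down in the code: inside the new `if (i < TEE_NUM_SESSIONS) { ... }` block, `set_bit(i, sess->sess_mask)` has to stay after the `sess->session_info[i]` store and inside `sess->lock`, because per the commit message a set bit is what allows amdtee_close_session() to release `sess`. I would put a comment directly above it, for example `/* Set the mask bit last: once it is set, amdtee_close_session() may tear this slot down */`, so that a later reordering does not bring the use-after-free back. The "Find an empty session index" comment would also read better as "Publish the opened session in a free slot", since the block now stores the session as well as finding the index. amdtee_open_session() begins outside the hunk, so the reference that the `kref_put()` calls drop is not visible here.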