From 1a772d4be95f556b847711b1c8fc69ba27a13d49 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Mon, 26 Sep 2022 00:58:00 -0400 Subject: [PATCH] Fixes for 5.19 Signed-off-by: Sasha Levin --- ...m-keyring-depend-on-built-in-x509-pa.patch | 44 ++++ ...-register-a-dirty-callback-for-non-a.patch | 59 ++++++ ...ax-fix-infinite-loop-in-dax_iomap_rw.patch | 62 ++++++ ...ntime_get_sync-returned-1-device-acc.patch | 43 ++++ .../i2c-mlxbf-fix-frequency-calculation.patch | 188 ++++++++++++++++++ ...ect-base-address-passed-during-io-wr.patch | 40 ++++ ...t-stack-overflow-in-mlxbf_i2c_smbus_.patch | 39 ++++ ...2c_mux_alloc-against-integer-overflo.patch | 46 +++++ ...ug-re-enable-debug-info-for-.s-files.patch | 94 +++++++++ ...et-g-unconditional-on-config_debug_i.patch | 56 ++++++ queue-5.19/pmem-fix-a-name-collision.patch | 78 ++++++++ queue-5.19/series | 12 ++ ...skip-lockdep-work-dependency-in-canc.patch | 98 +++++++++ 13 files changed, 859 insertions(+) create mode 100644 queue-5.19/certs-make-system-keyring-depend-on-built-in-x509-pa.patch create mode 100644 queue-5.19/drm-amdgpu-don-t-register-a-dirty-callback-for-non-a.patch create mode 100644 queue-5.19/fsdax-fix-infinite-loop-in-dax_iomap_rw.patch create mode 100644 queue-5.19/i2c-imx-if-pm_runtime_get_sync-returned-1-device-acc.patch create mode 100644 queue-5.19/i2c-mlxbf-fix-frequency-calculation.patch create mode 100644 queue-5.19/i2c-mlxbf-incorrect-base-address-passed-during-io-wr.patch create mode 100644 queue-5.19/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch create mode 100644 queue-5.19/i2c-mux-harden-i2c_mux_alloc-against-integer-overflo.patch create mode 100644 queue-5.19/makefile.debug-re-enable-debug-info-for-.s-files.patch create mode 100644 queue-5.19/makefile.debug-set-g-unconditional-on-config_debug_i.patch create mode 100644 queue-5.19/pmem-fix-a-name-collision.patch create mode 100644 queue-5.19/workqueue-don-t-skip-lockdep-work-dependency-in-canc.patch diff --git a/queue-5.19/certs-make-system-keyring-depend-on-built-in-x509-pa.patch b/queue-5.19/certs-make-system-keyring-depend-on-built-in-x509-pa.patch new file mode 100644 index 00000000000..55f7a7e039f --- /dev/null +++ b/queue-5.19/certs-make-system-keyring-depend-on-built-in-x509-pa.patch @@ -0,0 +1,44 @@ +From 112b8568de7fdd74634697cceb399329b1c41030 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 12 Sep 2022 15:52:10 +0900 +Subject: certs: make system keyring depend on built-in x509 parser + +From: Masahiro Yamada + +[ Upstream commit 2154aca21408752eaa3eeaf2ba6e942724ff2a4d ] + +Commit e90886291c7c ("certs: make system keyring depend on x509 parser") +is not the right fix because x509_load_certificate_list() can be modular. + +The combination of CONFIG_SYSTEM_TRUSTED_KEYRING=y and +CONFIG_X509_CERTIFICATE_PARSER=m still results in the following error: + + LD .tmp_vmlinux.kallsyms1 + ld: certs/system_keyring.o: in function `load_system_certificate_list': + system_keyring.c:(.init.text+0x8c): undefined reference to `x509_load_certificate_list' + make: *** [Makefile:1169: vmlinux] Error 1 + +Fixes: e90886291c7c ("certs: make system keyring depend on x509 parser") +Signed-off-by: Masahiro Yamada +Tested-by: Adam Borowski +Signed-off-by: Sasha Levin +--- + certs/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/certs/Kconfig b/certs/Kconfig +index bf9b511573d7..1f109b070877 100644 +--- a/certs/Kconfig ++++ b/certs/Kconfig +@@ -43,7 +43,7 @@ config SYSTEM_TRUSTED_KEYRING + bool "Provide system-wide ring of trusted keys" + depends on KEYS + depends on ASYMMETRIC_KEY_TYPE +- depends on X509_CERTIFICATE_PARSER ++ depends on X509_CERTIFICATE_PARSER = y + help + Provide a system keyring to which trusted keys can be added. Keys in + the keyring are considered to be trusted. Keys may be added at will +-- +2.35.1 + diff --git a/queue-5.19/drm-amdgpu-don-t-register-a-dirty-callback-for-non-a.patch b/queue-5.19/drm-amdgpu-don-t-register-a-dirty-callback-for-non-a.patch new file mode 100644 index 00000000000..e99d4c01d25 --- /dev/null +++ b/queue-5.19/drm-amdgpu-don-t-register-a-dirty-callback-for-non-a.patch @@ -0,0 +1,59 @@ +From 2bf524207e703f2aa031e3b909d9f89d79199e2d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 19 Sep 2022 12:26:20 -0400 +Subject: drm/amdgpu: don't register a dirty callback for non-atomic + +From: Alex Deucher + +[ Upstream commit abbc7a3dafb91b9d4ec56b70ec9a7520f8e13334 ] + +Some asics still support non-atomic code paths. + +Fixes: 66f99628eb2440 ("drm/amdgpu: use dirty framebuffer helper") +Reported-by: Arthur Marsh +Reviewed-by: Hamza Mahfooz +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c +index 3451147beda3..0a8c15c3a04c 100644 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -494,6 +495,11 @@ bool amdgpu_display_ddc_probe(struct amdgpu_connector *amdgpu_connector, + static const struct drm_framebuffer_funcs amdgpu_fb_funcs = { + .destroy = drm_gem_fb_destroy, + .create_handle = drm_gem_fb_create_handle, ++}; ++ ++static const struct drm_framebuffer_funcs amdgpu_fb_funcs_atomic = { ++ .destroy = drm_gem_fb_destroy, ++ .create_handle = drm_gem_fb_create_handle, + .dirty = drm_atomic_helper_dirtyfb, + }; + +@@ -1071,7 +1077,10 @@ static int amdgpu_display_gem_fb_verify_and_init(struct drm_device *dev, + if (ret) + goto err; + +- ret = drm_framebuffer_init(dev, &rfb->base, &amdgpu_fb_funcs); ++ if (drm_drv_uses_atomic_modeset(dev)) ++ ret = drm_framebuffer_init(dev, &rfb->base, &amdgpu_fb_funcs_atomic); ++ else ++ ret = drm_framebuffer_init(dev, &rfb->base, &amdgpu_fb_funcs); + if (ret) + goto err; + +-- +2.35.1 + diff --git a/queue-5.19/fsdax-fix-infinite-loop-in-dax_iomap_rw.patch b/queue-5.19/fsdax-fix-infinite-loop-in-dax_iomap_rw.patch new file mode 100644 index 00000000000..ead28de412e --- /dev/null +++ b/queue-5.19/fsdax-fix-infinite-loop-in-dax_iomap_rw.patch @@ -0,0 +1,62 @@ +From b8bb9bc0cdd9c91ab1f82f76b1c89c15702873c6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 25 Jul 2022 11:20:50 +0800 +Subject: fsdax: Fix infinite loop in dax_iomap_rw() + +From: Li Jinlin + +[ Upstream commit 17d9c15c9b9e7fb285f7ac5367dfb5f00ff575e3 ] + +I got an infinite loop and a WARNING report when executing a tail command +in virtiofs. + + WARNING: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomap_iter+0x3a2/0x3d0 + Modules linked in: + CPU: 10 PID: 964 Comm: tail Not tainted 5.19.0-rc7 + Call Trace: + + dax_iomap_rw+0xea/0x620 + ? __this_cpu_preempt_check+0x13/0x20 + fuse_dax_read_iter+0x47/0x80 + fuse_file_read_iter+0xae/0xd0 + new_sync_read+0xfe/0x180 + ? 0xffffffff81000000 + vfs_read+0x14d/0x1a0 + ksys_read+0x6d/0xf0 + __x64_sys_read+0x1a/0x20 + do_syscall_64+0x3b/0x90 + entry_SYSCALL_64_after_hwframe+0x63/0xcd + +The tail command will call read() with a count of 0. In this case, +iomap_iter() will report this WARNING, and always return 1 which casuing +the infinite loop in dax_iomap_rw(). + +Fixing by checking count whether is 0 in dax_iomap_rw(). + +Fixes: ca289e0b95af ("fsdax: switch dax_iomap_rw to use iomap_iter") +Signed-off-by: Li Jinlin +Reviewed-by: Darrick J. Wong +Link: https://lore.kernel.org/r/20220725032050.3873372-1-lijinlin3@huawei.com +Signed-off-by: Dan Williams +Signed-off-by: Sasha Levin +--- + fs/dax.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/fs/dax.c b/fs/dax.c +index 4155a6107fa1..7ab248ed21aa 100644 +--- a/fs/dax.c ++++ b/fs/dax.c +@@ -1241,6 +1241,9 @@ dax_iomap_rw(struct kiocb *iocb, struct iov_iter *iter, + loff_t done = 0; + int ret; + ++ if (!iomi.len) ++ return 0; ++ + if (iov_iter_rw(iter) == WRITE) { + lockdep_assert_held_write(&iomi.inode->i_rwsem); + iomi.flags |= IOMAP_WRITE; +-- +2.35.1 + diff --git a/queue-5.19/i2c-imx-if-pm_runtime_get_sync-returned-1-device-acc.patch b/queue-5.19/i2c-imx-if-pm_runtime_get_sync-returned-1-device-acc.patch new file mode 100644 index 00000000000..1144821143b --- /dev/null +++ b/queue-5.19/i2c-imx-if-pm_runtime_get_sync-returned-1-device-acc.patch @@ -0,0 +1,43 @@ +From 781d3e29dee94bb45b04de2492dd3bf4d40d2790 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 12 Sep 2022 15:20:40 +0200 +Subject: i2c: imx: If pm_runtime_get_sync() returned 1 device access is + possible +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Uwe Kleine-König + +[ Upstream commit 085aacaa73163f4b8a89dec24ecb32cfacd34017 ] + +pm_runtime_get_sync() returning 1 also means the device is powered. So +resetting the chip registers in .remove() is possible and should be +done. + +Reported-by: Dan Carpenter +Fixes: d98bdd3a5b50 ("i2c: imx: Make sure to unregister adapter on remove()") +Signed-off-by: Uwe Kleine-König +Acked-by: Oleksij Rempel +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-imx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/i2c/busses/i2c-imx.c b/drivers/i2c/busses/i2c-imx.c +index e47fa3465671..3082183bd66a 100644 +--- a/drivers/i2c/busses/i2c-imx.c ++++ b/drivers/i2c/busses/i2c-imx.c +@@ -1583,7 +1583,7 @@ static int i2c_imx_remove(struct platform_device *pdev) + if (i2c_imx->dma) + i2c_imx_dma_free(i2c_imx); + +- if (ret == 0) { ++ if (ret >= 0) { + /* setup chip registers to defaults */ + imx_i2c_write_reg(0, i2c_imx, IMX_I2C_IADR); + imx_i2c_write_reg(0, i2c_imx, IMX_I2C_IFDR); +-- +2.35.1 + diff --git a/queue-5.19/i2c-mlxbf-fix-frequency-calculation.patch b/queue-5.19/i2c-mlxbf-fix-frequency-calculation.patch new file mode 100644 index 00000000000..2f96143f927 --- /dev/null +++ b/queue-5.19/i2c-mlxbf-fix-frequency-calculation.patch @@ -0,0 +1,188 @@ +From 36b676ef09d15c76f70e572e2bcc3fdd26871059 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 20 Sep 2022 13:47:29 -0400 +Subject: i2c: mlxbf: Fix frequency calculation + +From: Asmaa Mnebhi + +[ Upstream commit 37f071ec327b04c83d47637c5e5c2199b39899ca ] + +The i2c-mlxbf.c driver is currently broken because there is a bug +in the calculation of the frequency. core_f, core_r and core_od +are components read from hardware registers and are used to +compute the frequency used to compute different timing parameters. +The shifting mechanism used to get core_f, core_r and core_od is +wrong. Use FIELD_GET to mask and shift the bitfields properly. + +Fixes: b5b5b32081cd206b (i2c: mlxbf: I2C SMBus driver for Mellanox BlueField SoC) +Reviewed-by: Khalil Blaiech +Signed-off-by: Asmaa Mnebhi +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-mlxbf.c | 63 +++++++++++++--------------------- + 1 file changed, 23 insertions(+), 40 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-mlxbf.c b/drivers/i2c/busses/i2c-mlxbf.c +index ac93c0ccf53c..ad5efd7497d1 100644 +--- a/drivers/i2c/busses/i2c-mlxbf.c ++++ b/drivers/i2c/busses/i2c-mlxbf.c +@@ -6,6 +6,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -63,13 +64,14 @@ + */ + #define MLXBF_I2C_TYU_PLL_OUT_FREQ (400 * 1000 * 1000) + /* Reference clock for Bluefield - 156 MHz. */ +-#define MLXBF_I2C_PLL_IN_FREQ (156 * 1000 * 1000) ++#define MLXBF_I2C_PLL_IN_FREQ 156250000ULL + + /* Constant used to determine the PLL frequency. */ +-#define MLNXBF_I2C_COREPLL_CONST 16384 ++#define MLNXBF_I2C_COREPLL_CONST 16384ULL ++ ++#define MLXBF_I2C_FREQUENCY_1GHZ 1000000000ULL + + /* PLL registers. */ +-#define MLXBF_I2C_CORE_PLL_REG0 0x0 + #define MLXBF_I2C_CORE_PLL_REG1 0x4 + #define MLXBF_I2C_CORE_PLL_REG2 0x8 + +@@ -181,22 +183,15 @@ + #define MLXBF_I2C_COREPLL_FREQ MLXBF_I2C_TYU_PLL_OUT_FREQ + + /* Core PLL TYU configuration. */ +-#define MLXBF_I2C_COREPLL_CORE_F_TYU_MASK GENMASK(12, 0) +-#define MLXBF_I2C_COREPLL_CORE_OD_TYU_MASK GENMASK(3, 0) +-#define MLXBF_I2C_COREPLL_CORE_R_TYU_MASK GENMASK(5, 0) +- +-#define MLXBF_I2C_COREPLL_CORE_F_TYU_SHIFT 3 +-#define MLXBF_I2C_COREPLL_CORE_OD_TYU_SHIFT 16 +-#define MLXBF_I2C_COREPLL_CORE_R_TYU_SHIFT 20 ++#define MLXBF_I2C_COREPLL_CORE_F_TYU_MASK GENMASK(15, 3) ++#define MLXBF_I2C_COREPLL_CORE_OD_TYU_MASK GENMASK(19, 16) ++#define MLXBF_I2C_COREPLL_CORE_R_TYU_MASK GENMASK(25, 20) + + /* Core PLL YU configuration. */ + #define MLXBF_I2C_COREPLL_CORE_F_YU_MASK GENMASK(25, 0) + #define MLXBF_I2C_COREPLL_CORE_OD_YU_MASK GENMASK(3, 0) +-#define MLXBF_I2C_COREPLL_CORE_R_YU_MASK GENMASK(5, 0) ++#define MLXBF_I2C_COREPLL_CORE_R_YU_MASK GENMASK(31, 26) + +-#define MLXBF_I2C_COREPLL_CORE_F_YU_SHIFT 0 +-#define MLXBF_I2C_COREPLL_CORE_OD_YU_SHIFT 1 +-#define MLXBF_I2C_COREPLL_CORE_R_YU_SHIFT 26 + + /* Core PLL frequency. */ + static u64 mlxbf_i2c_corepll_frequency; +@@ -479,8 +474,6 @@ static struct mutex mlxbf_i2c_bus_lock; + #define MLXBF_I2C_MASK_8 GENMASK(7, 0) + #define MLXBF_I2C_MASK_16 GENMASK(15, 0) + +-#define MLXBF_I2C_FREQUENCY_1GHZ 1000000000 +- + /* + * Function to poll a set of bits at a specific address; it checks whether + * the bits are equal to zero when eq_zero is set to 'true', and not equal +@@ -1410,24 +1403,19 @@ static int mlxbf_i2c_init_master(struct platform_device *pdev, + return 0; + } + +-static u64 mlxbf_calculate_freq_from_tyu(struct mlxbf_i2c_resource *corepll_res) ++static u64 mlxbf_i2c_calculate_freq_from_tyu(struct mlxbf_i2c_resource *corepll_res) + { +- u64 core_frequency, pad_frequency; ++ u64 core_frequency; + u8 core_od, core_r; + u32 corepll_val; + u16 core_f; + +- pad_frequency = MLXBF_I2C_PLL_IN_FREQ; +- + corepll_val = readl(corepll_res->io + MLXBF_I2C_CORE_PLL_REG1); + + /* Get Core PLL configuration bits. */ +- core_f = rol32(corepll_val, MLXBF_I2C_COREPLL_CORE_F_TYU_SHIFT) & +- MLXBF_I2C_COREPLL_CORE_F_TYU_MASK; +- core_od = rol32(corepll_val, MLXBF_I2C_COREPLL_CORE_OD_TYU_SHIFT) & +- MLXBF_I2C_COREPLL_CORE_OD_TYU_MASK; +- core_r = rol32(corepll_val, MLXBF_I2C_COREPLL_CORE_R_TYU_SHIFT) & +- MLXBF_I2C_COREPLL_CORE_R_TYU_MASK; ++ core_f = FIELD_GET(MLXBF_I2C_COREPLL_CORE_F_TYU_MASK, corepll_val); ++ core_od = FIELD_GET(MLXBF_I2C_COREPLL_CORE_OD_TYU_MASK, corepll_val); ++ core_r = FIELD_GET(MLXBF_I2C_COREPLL_CORE_R_TYU_MASK, corepll_val); + + /* + * Compute PLL output frequency as follow: +@@ -1439,31 +1427,26 @@ static u64 mlxbf_calculate_freq_from_tyu(struct mlxbf_i2c_resource *corepll_res) + * Where PLL_OUT_FREQ and PLL_IN_FREQ refer to CoreFrequency + * and PadFrequency, respectively. + */ +- core_frequency = pad_frequency * (++core_f); ++ core_frequency = MLXBF_I2C_PLL_IN_FREQ * (++core_f); + core_frequency /= (++core_r) * (++core_od); + + return core_frequency; + } + +-static u64 mlxbf_calculate_freq_from_yu(struct mlxbf_i2c_resource *corepll_res) ++static u64 mlxbf_i2c_calculate_freq_from_yu(struct mlxbf_i2c_resource *corepll_res) + { + u32 corepll_reg1_val, corepll_reg2_val; +- u64 corepll_frequency, pad_frequency; ++ u64 corepll_frequency; + u8 core_od, core_r; + u32 core_f; + +- pad_frequency = MLXBF_I2C_PLL_IN_FREQ; +- + corepll_reg1_val = readl(corepll_res->io + MLXBF_I2C_CORE_PLL_REG1); + corepll_reg2_val = readl(corepll_res->io + MLXBF_I2C_CORE_PLL_REG2); + + /* Get Core PLL configuration bits */ +- core_f = rol32(corepll_reg1_val, MLXBF_I2C_COREPLL_CORE_F_YU_SHIFT) & +- MLXBF_I2C_COREPLL_CORE_F_YU_MASK; +- core_r = rol32(corepll_reg1_val, MLXBF_I2C_COREPLL_CORE_R_YU_SHIFT) & +- MLXBF_I2C_COREPLL_CORE_R_YU_MASK; +- core_od = rol32(corepll_reg2_val, MLXBF_I2C_COREPLL_CORE_OD_YU_SHIFT) & +- MLXBF_I2C_COREPLL_CORE_OD_YU_MASK; ++ core_f = FIELD_GET(MLXBF_I2C_COREPLL_CORE_F_YU_MASK, corepll_reg1_val); ++ core_r = FIELD_GET(MLXBF_I2C_COREPLL_CORE_R_YU_MASK, corepll_reg1_val); ++ core_od = FIELD_GET(MLXBF_I2C_COREPLL_CORE_OD_YU_MASK, corepll_reg2_val); + + /* + * Compute PLL output frequency as follow: +@@ -1475,7 +1458,7 @@ static u64 mlxbf_calculate_freq_from_yu(struct mlxbf_i2c_resource *corepll_res) + * Where PLL_OUT_FREQ and PLL_IN_FREQ refer to CoreFrequency + * and PadFrequency, respectively. + */ +- corepll_frequency = (pad_frequency * core_f) / MLNXBF_I2C_COREPLL_CONST; ++ corepll_frequency = (MLXBF_I2C_PLL_IN_FREQ * core_f) / MLNXBF_I2C_COREPLL_CONST; + corepll_frequency /= (++core_r) * (++core_od); + + return corepll_frequency; +@@ -2183,14 +2166,14 @@ static struct mlxbf_i2c_chip_info mlxbf_i2c_chip[] = { + [1] = &mlxbf_i2c_corepll_res[MLXBF_I2C_CHIP_TYPE_1], + [2] = &mlxbf_i2c_gpio_res[MLXBF_I2C_CHIP_TYPE_1] + }, +- .calculate_freq = mlxbf_calculate_freq_from_tyu ++ .calculate_freq = mlxbf_i2c_calculate_freq_from_tyu + }, + [MLXBF_I2C_CHIP_TYPE_2] = { + .type = MLXBF_I2C_CHIP_TYPE_2, + .shared_res = { + [0] = &mlxbf_i2c_corepll_res[MLXBF_I2C_CHIP_TYPE_2] + }, +- .calculate_freq = mlxbf_calculate_freq_from_yu ++ .calculate_freq = mlxbf_i2c_calculate_freq_from_yu + } + }; + +-- +2.35.1 + diff --git a/queue-5.19/i2c-mlxbf-incorrect-base-address-passed-during-io-wr.patch b/queue-5.19/i2c-mlxbf-incorrect-base-address-passed-during-io-wr.patch new file mode 100644 index 00000000000..547bad40895 --- /dev/null +++ b/queue-5.19/i2c-mlxbf-incorrect-base-address-passed-during-io-wr.patch @@ -0,0 +1,40 @@ +From 2b4c2ef1b05e3142871fb012804ed571e5893614 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Sep 2022 13:35:38 -0400 +Subject: i2c: mlxbf: incorrect base address passed during io write + +From: Asmaa Mnebhi + +[ Upstream commit 2a5be6d1340c0fefcee8a6489cff7fd88a0d5b85 ] + +Correct the base address used during io write. +This bug had no impact over the overall functionality of the read and write +transactions. MLXBF_I2C_CAUSE_OR_CLEAR=0x18 so writing to (smbus->io + 0x18) +instead of (mst_cause->ioi + 0x18) actually writes to the sc_low_timeout +register which just sets the timeout value before a read/write aborts. + +Fixes: b5b5b32081cd206b (i2c: mlxbf: I2C SMBus driver for Mellanox BlueField SoC) +Reviewed-by: Khalil Blaiech +Signed-off-by: Asmaa Mnebhi +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-mlxbf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/i2c/busses/i2c-mlxbf.c b/drivers/i2c/busses/i2c-mlxbf.c +index 8716032f030a..612736906440 100644 +--- a/drivers/i2c/busses/i2c-mlxbf.c ++++ b/drivers/i2c/busses/i2c-mlxbf.c +@@ -669,7 +669,7 @@ static int mlxbf_i2c_smbus_enable(struct mlxbf_i2c_priv *priv, u8 slave, + /* Clear status bits. */ + writel(0x0, priv->smbus->io + MLXBF_I2C_SMBUS_MASTER_STATUS); + /* Set the cause data. */ +- writel(~0x0, priv->smbus->io + MLXBF_I2C_CAUSE_OR_CLEAR); ++ writel(~0x0, priv->mst_cause->io + MLXBF_I2C_CAUSE_OR_CLEAR); + /* Zero PEC byte. */ + writel(0x0, priv->smbus->io + MLXBF_I2C_SMBUS_MASTER_PEC); + /* Zero byte count. */ +-- +2.35.1 + diff --git a/queue-5.19/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch b/queue-5.19/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch new file mode 100644 index 00000000000..40421a0a58e --- /dev/null +++ b/queue-5.19/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch @@ -0,0 +1,39 @@ +From e69ca83dcf000f6f8247cdfba2bf4e500355f53e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Sep 2022 13:35:39 -0400 +Subject: i2c: mlxbf: prevent stack overflow in + mlxbf_i2c_smbus_start_transaction() + +From: Asmaa Mnebhi + +[ Upstream commit de24aceb07d426b6f1c59f33889d6a964770547b ] + +memcpy() is called in a loop while 'operation->length' upper bound +is not checked and 'data_idx' also increments. + +Fixes: b5b5b32081cd206b ("i2c: mlxbf: I2C SMBus driver for Mellanox BlueField SoC") +Reviewed-by: Khalil Blaiech +Signed-off-by: Asmaa Mnebhi +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-mlxbf.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/i2c/busses/i2c-mlxbf.c b/drivers/i2c/busses/i2c-mlxbf.c +index 612736906440..ac93c0ccf53c 100644 +--- a/drivers/i2c/busses/i2c-mlxbf.c ++++ b/drivers/i2c/busses/i2c-mlxbf.c +@@ -738,6 +738,9 @@ mlxbf_i2c_smbus_start_transaction(struct mlxbf_i2c_priv *priv, + if (flags & MLXBF_I2C_F_WRITE) { + write_en = 1; + write_len += operation->length; ++ if (data_idx + operation->length > ++ MLXBF_I2C_MASTER_DATA_DESC_SIZE) ++ return -ENOBUFS; + memcpy(data_desc + data_idx, + operation->buffer, operation->length); + data_idx += operation->length; +-- +2.35.1 + diff --git a/queue-5.19/i2c-mux-harden-i2c_mux_alloc-against-integer-overflo.patch b/queue-5.19/i2c-mux-harden-i2c_mux_alloc-against-integer-overflo.patch new file mode 100644 index 00000000000..0373e568947 --- /dev/null +++ b/queue-5.19/i2c-mux-harden-i2c_mux_alloc-against-integer-overflo.patch @@ -0,0 +1,46 @@ +From e0a49fbfc479eb41a8df0e03f3304d4b695610ea Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 15 Sep 2022 14:30:58 +0300 +Subject: i2c: mux: harden i2c_mux_alloc() against integer overflows + +From: Dan Carpenter + +[ Upstream commit b7af938f4379a884f15713319648a7653497a907 ] + +A couple years back we went through the kernel an automatically +converted size calculations to use struct_size() instead. The +struct_size() calculation is protected against integer overflows. + +However it does not make sense to use the result from struct_size() +for additional math operations as that would negate any safeness. + +Fixes: 1f3b69b6b939 ("i2c: mux: Use struct_size() in devm_kzalloc()") +Signed-off-by: Dan Carpenter +Acked-by: Peter Rosin +Reviewed-by: Gustavo A. R. Silva +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/i2c-mux.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/i2c/i2c-mux.c b/drivers/i2c/i2c-mux.c +index 774507b54b57..313904be5f3b 100644 +--- a/drivers/i2c/i2c-mux.c ++++ b/drivers/i2c/i2c-mux.c +@@ -243,9 +243,10 @@ struct i2c_mux_core *i2c_mux_alloc(struct i2c_adapter *parent, + int (*deselect)(struct i2c_mux_core *, u32)) + { + struct i2c_mux_core *muxc; ++ size_t mux_size; + +- muxc = devm_kzalloc(dev, struct_size(muxc, adapter, max_adapters) +- + sizeof_priv, GFP_KERNEL); ++ mux_size = struct_size(muxc, adapter, max_adapters); ++ muxc = devm_kzalloc(dev, size_add(mux_size, sizeof_priv), GFP_KERNEL); + if (!muxc) + return NULL; + if (sizeof_priv) +-- +2.35.1 + diff --git a/queue-5.19/makefile.debug-re-enable-debug-info-for-.s-files.patch b/queue-5.19/makefile.debug-re-enable-debug-info-for-.s-files.patch new file mode 100644 index 00000000000..a01aa09cca2 --- /dev/null +++ b/queue-5.19/makefile.debug-re-enable-debug-info-for-.s-files.patch @@ -0,0 +1,94 @@ +From dee0e1c81462ceece414b67ccf6bf5044869d075 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 19 Sep 2022 10:45:47 -0700 +Subject: Makefile.debug: re-enable debug info for .S files + +From: Nick Desaulniers + +[ Upstream commit 32ef9e5054ec0321b9336058c58ec749e9c6b0fe ] + +Alexey reported that the fraction of unknown filename instances in +kallsyms grew from ~0.3% to ~10% recently; Bill and Greg tracked it down +to assembler defined symbols, which regressed as a result of: + +commit b8a9092330da ("Kbuild: do not emit debug info for assembly with LLVM_IAS=1") + +In that commit, I allude to restoring debug info for assembler defined +symbols in a follow up patch, but it seems I forgot to do so in + +commit a66049e2cf0e ("Kbuild: make DWARF version a choice") + +Link: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=31bf18645d98b4d3d7357353be840e320649a67d +Fixes: b8a9092330da ("Kbuild: do not emit debug info for assembly with LLVM_IAS=1") +Reported-by: Alexey Alexandrov +Reported-by: Bill Wendling +Reported-by: Greg Thelen +Reviewed-by: Nathan Chancellor +Suggested-by: Masahiro Yamada +Signed-off-by: Nick Desaulniers +Signed-off-by: Masahiro Yamada +Signed-off-by: Sasha Levin +--- + lib/Kconfig.debug | 4 +++- + scripts/Makefile.debug | 21 +++++++++++---------- + 2 files changed, 14 insertions(+), 11 deletions(-) + +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index 2e24db4bff19..c399ab486557 100644 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -264,8 +264,10 @@ config DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT + config DEBUG_INFO_DWARF4 + bool "Generate DWARF Version 4 debuginfo" + select DEBUG_INFO ++ depends on !CC_IS_CLANG || (CC_IS_CLANG && (AS_IS_LLVM || (AS_IS_GNU && AS_VERSION >= 23502))) + help +- Generate DWARF v4 debug info. This requires gcc 4.5+ and gdb 7.0+. ++ Generate DWARF v4 debug info. This requires gcc 4.5+, binutils 2.35.2 ++ if using clang without clang's integrated assembler, and gdb 7.0+. + + If you have consumers of DWARF debug info that are not ready for + newer revisions of DWARF, you may wish to choose this or have your +diff --git a/scripts/Makefile.debug b/scripts/Makefile.debug +index 26d6a9d97a20..8cf1cb22dd93 100644 +--- a/scripts/Makefile.debug ++++ b/scripts/Makefile.debug +@@ -1,18 +1,19 @@ +-DEBUG_CFLAGS := -g ++DEBUG_CFLAGS := ++debug-flags-y := -g + + ifdef CONFIG_DEBUG_INFO_SPLIT + DEBUG_CFLAGS += -gsplit-dwarf + endif + +-ifndef CONFIG_AS_IS_LLVM +-KBUILD_AFLAGS += -Wa,-gdwarf-2 +-endif +- +-ifndef CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT +-dwarf-version-$(CONFIG_DEBUG_INFO_DWARF4) := 4 +-dwarf-version-$(CONFIG_DEBUG_INFO_DWARF5) := 5 +-DEBUG_CFLAGS += -gdwarf-$(dwarf-version-y) ++debug-flags-$(CONFIG_DEBUG_INFO_DWARF4) += -gdwarf-4 ++debug-flags-$(CONFIG_DEBUG_INFO_DWARF5) += -gdwarf-5 ++ifeq ($(CONFIG_CC_IS_CLANG)$(CONFIG_AS_IS_GNU),yy) ++# Clang does not pass -g or -gdwarf-* option down to GAS. ++# Add -Wa, prefix to explicitly specify the flags. ++KBUILD_AFLAGS += $(addprefix -Wa$(comma), $(debug-flags-y)) + endif ++DEBUG_CFLAGS += $(debug-flags-y) ++KBUILD_AFLAGS += $(debug-flags-y) + + ifdef CONFIG_DEBUG_INFO_REDUCED + DEBUG_CFLAGS += -fno-var-tracking +@@ -27,5 +28,5 @@ KBUILD_AFLAGS += -gz=zlib + KBUILD_LDFLAGS += --compress-debug-sections=zlib + endif + +-KBUILD_CFLAGS += $(DEBUG_CFLAGS) ++KBUILD_CFLAGS += $(DEBUG_CFLAGS) + export DEBUG_CFLAGS +-- +2.35.1 + diff --git a/queue-5.19/makefile.debug-set-g-unconditional-on-config_debug_i.patch b/queue-5.19/makefile.debug-set-g-unconditional-on-config_debug_i.patch new file mode 100644 index 00000000000..0847da9396b --- /dev/null +++ b/queue-5.19/makefile.debug-set-g-unconditional-on-config_debug_i.patch @@ -0,0 +1,56 @@ +From 9dc8a185dad92c12c1ff040b0ff41b2d5ac2adf0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 19 Sep 2022 10:30:30 -0700 +Subject: Makefile.debug: set -g unconditional on CONFIG_DEBUG_INFO_SPLIT + +From: Nick Desaulniers + +[ Upstream commit 61f2b7c7497ba96cdde5bbaeb9e07f4c48f41f97 ] + +Dmitrii, Fangrui, and Mashahiro note: + + Before GCC 11 and Clang 12 -gsplit-dwarf implicitly uses -g2. + +Fix CONFIG_DEBUG_INFO_SPLIT for gcc-11+ & clang-12+ which now need -g +specified in order for -gsplit-dwarf to work at all. + +-gsplit-dwarf has been mutually exclusive with -g since support for +CONFIG_DEBUG_INFO_SPLIT was introduced in +commit 866ced950bcd ("kbuild: Support split debug info v4") +I don't think it ever needed to be. + +Link: https://lore.kernel.org/lkml/20220815013317.26121-1-dmitrii.bundin.a@gmail.com/ +Link: https://lore.kernel.org/lkml/CAK7LNARPAmsJD5XKAw7m_X2g7Fi-CAAsWDQiP7+ANBjkg7R7ng@mail.gmail.com/ +Link: https://reviews.llvm.org/D80391 +Cc: Andi Kleen +Reported-by: Dmitrii Bundin +Reported-by: Fangrui Song +Reported-by: Masahiro Yamada +Suggested-by: Dmitrii Bundin +Reviewed-by: Nathan Chancellor +Signed-off-by: Nick Desaulniers +Signed-off-by: Masahiro Yamada +Stable-dep-of: 32ef9e5054ec ("Makefile.debug: re-enable debug info for .S files") +Signed-off-by: Sasha Levin +--- + scripts/Makefile.debug | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/scripts/Makefile.debug b/scripts/Makefile.debug +index 9f39b0130551..26d6a9d97a20 100644 +--- a/scripts/Makefile.debug ++++ b/scripts/Makefile.debug +@@ -1,9 +1,7 @@ +-DEBUG_CFLAGS := ++DEBUG_CFLAGS := -g + + ifdef CONFIG_DEBUG_INFO_SPLIT + DEBUG_CFLAGS += -gsplit-dwarf +-else +-DEBUG_CFLAGS += -g + endif + + ifndef CONFIG_AS_IS_LLVM +-- +2.35.1 + diff --git a/queue-5.19/pmem-fix-a-name-collision.patch b/queue-5.19/pmem-fix-a-name-collision.patch new file mode 100644 index 00000000000..dea3cae5c88 --- /dev/null +++ b/queue-5.19/pmem-fix-a-name-collision.patch @@ -0,0 +1,78 @@ +From f66754661f925ec7cd6143df02bb4e0c01a5d9c3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 30 Jun 2022 12:28:02 -0600 +Subject: pmem: fix a name collision + +From: Jane Chu + +[ Upstream commit 149d17140bcedc906082c4f874dec98b1ffc5a90 ] + +Kernel test robot detected name collision when compiled on 'um' +architecture. Rename "to_phys()" to "pmem_to_phys()". + +>> drivers/nvdimm/pmem.c:48:20: error: conflicting types for 'to_phys'; have 'phys_addr_t(struct pmem_device *, phys_addr_t)' {aka 'long long unsigned int(struct pmem_device *, long long unsigned int)'} + 48 | static phys_addr_t to_phys(struct pmem_device *pmem, phys_addr_t offset) + | ^~~~~~~ + In file included from arch/um/include/asm/page.h:98, + from arch/um/include/asm/thread_info.h:15, + from include/linux/thread_info.h:60, + from include/asm-generic/preempt.h:5, + from ./arch/um/include/generated/asm/preempt.h:1, + + arch/um/include/shared/mem.h:12:29: note: previous definition of 'to_phys' with type 'long unsigned int(void *)' + 12 | static inline unsigned long to_phys(void *virt) + | ^~~~~~~ + +vim +48 drivers/nvdimm/pmem.c + 47 + > 48 static phys_addr_t to_phys(struct pmem_device *pmem, phys_addr_t offset) + 49 { + 50 return pmem->phys_addr + offset; + 51 } + 52 + +Fixes: 9409c9b6709e (pmem: refactor pmem_clear_poison()) +Reported-by: kernel test robot +Signed-off-by: Jane Chu +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20220630182802.3250449-1-jane.chu@oracle.com +Signed-off-by: Dan Williams +Signed-off-by: Sasha Levin +--- + drivers/nvdimm/pmem.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c +index 629d10fcf53b..b9f1a8e9f88c 100644 +--- a/drivers/nvdimm/pmem.c ++++ b/drivers/nvdimm/pmem.c +@@ -45,7 +45,7 @@ static struct nd_region *to_region(struct pmem_device *pmem) + return to_nd_region(to_dev(pmem)->parent); + } + +-static phys_addr_t to_phys(struct pmem_device *pmem, phys_addr_t offset) ++static phys_addr_t pmem_to_phys(struct pmem_device *pmem, phys_addr_t offset) + { + return pmem->phys_addr + offset; + } +@@ -63,7 +63,7 @@ static phys_addr_t to_offset(struct pmem_device *pmem, sector_t sector) + static void pmem_mkpage_present(struct pmem_device *pmem, phys_addr_t offset, + unsigned int len) + { +- phys_addr_t phys = to_phys(pmem, offset); ++ phys_addr_t phys = pmem_to_phys(pmem, offset); + unsigned long pfn_start, pfn_end, pfn; + + /* only pmem in the linear map supports HWPoison */ +@@ -97,7 +97,7 @@ static void pmem_clear_bb(struct pmem_device *pmem, sector_t sector, long blks) + static long __pmem_clear_poison(struct pmem_device *pmem, + phys_addr_t offset, unsigned int len) + { +- phys_addr_t phys = to_phys(pmem, offset); ++ phys_addr_t phys = pmem_to_phys(pmem, offset); + long cleared = nvdimm_clear_poison(to_dev(pmem), phys, len); + + if (cleared > 0) { +-- +2.35.1 + diff --git a/queue-5.19/series b/queue-5.19/series index 4b746ddc700..a8cffcf43ba 100644 --- a/queue-5.19/series +++ b/queue-5.19/series @@ -184,3 +184,15 @@ drm-amd-display-reduce-number-of-arguments-of-dml31-.patch-21191 drm-amd-display-mark-dml30-s-useminimumdcfclk-as-noi.patch drm-rockchip-fix-return-type-of-cdn_dp_connector_mod.patch gpio-mt7621-make-the-irqchip-immutable.patch +pmem-fix-a-name-collision.patch +fsdax-fix-infinite-loop-in-dax_iomap_rw.patch +workqueue-don-t-skip-lockdep-work-dependency-in-canc.patch +i2c-imx-if-pm_runtime_get_sync-returned-1-device-acc.patch +i2c-mlxbf-incorrect-base-address-passed-during-io-wr.patch +i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch +i2c-mlxbf-fix-frequency-calculation.patch +i2c-mux-harden-i2c_mux_alloc-against-integer-overflo.patch +drm-amdgpu-don-t-register-a-dirty-callback-for-non-a.patch +certs-make-system-keyring-depend-on-built-in-x509-pa.patch +makefile.debug-set-g-unconditional-on-config_debug_i.patch +makefile.debug-re-enable-debug-info-for-.s-files.patch diff --git a/queue-5.19/workqueue-don-t-skip-lockdep-work-dependency-in-canc.patch b/queue-5.19/workqueue-don-t-skip-lockdep-work-dependency-in-canc.patch new file mode 100644 index 00000000000..9736a6aecf0 --- /dev/null +++ b/queue-5.19/workqueue-don-t-skip-lockdep-work-dependency-in-canc.patch @@ -0,0 +1,98 @@ +From df8fa2aff38a117058ec25dcbcee93c466269c7f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 29 Jul 2022 13:30:23 +0900 +Subject: workqueue: don't skip lockdep work dependency in cancel_work_sync() + +From: Tetsuo Handa + +[ Upstream commit c0feea594e058223973db94c1c32a830c9807c86 ] + +Like Hillf Danton mentioned + + syzbot should have been able to catch cancel_work_sync() in work context + by checking lockdep_map in __flush_work() for both flush and cancel. + +in [1], being unable to report an obvious deadlock scenario shown below is +broken. From locking dependency perspective, sync version of cancel request +should behave as if flush request, for it waits for completion of work if +that work has already started execution. + + ---------- + #include + #include + static DEFINE_MUTEX(mutex); + static void work_fn(struct work_struct *work) + { + schedule_timeout_uninterruptible(HZ / 5); + mutex_lock(&mutex); + mutex_unlock(&mutex); + } + static DECLARE_WORK(work, work_fn); + static int __init test_init(void) + { + schedule_work(&work); + schedule_timeout_uninterruptible(HZ / 10); + mutex_lock(&mutex); + cancel_work_sync(&work); + mutex_unlock(&mutex); + return -EINVAL; + } + module_init(test_init); + MODULE_LICENSE("GPL"); + ---------- + +The check this patch restores was added by commit 0976dfc1d0cd80a4 +("workqueue: Catch more locking problems with flush_work()"). + +Then, lockdep's crossrelease feature was added by commit b09be676e0ff25bd +("locking/lockdep: Implement the 'crossrelease' feature"). As a result, +this check was once removed by commit fd1a5b04dfb899f8 ("workqueue: Remove +now redundant lock acquisitions wrt. workqueue flushes"). + +But lockdep's crossrelease feature was removed by commit e966eaeeb623f099 +("locking/lockdep: Remove the cross-release locking checks"). At this +point, this check should have been restored. + +Then, commit d6e89786bed977f3 ("workqueue: skip lockdep wq dependency in +cancel_work_sync()") introduced a boolean flag in order to distinguish +flush_work() and cancel_work_sync(), for checking "struct workqueue_struct" +dependency when called from cancel_work_sync() was causing false positives. + +Then, commit 87915adc3f0acdf0 ("workqueue: re-add lockdep dependencies for +flushing") tried to restore "struct work_struct" dependency check, but by +error checked this boolean flag. Like an example shown above indicates, +"struct work_struct" dependency needs to be checked for both flush_work() +and cancel_work_sync(). + +Link: https://lkml.kernel.org/r/20220504044800.4966-1-hdanton@sina.com [1] +Reported-by: Hillf Danton +Suggested-by: Lai Jiangshan +Fixes: 87915adc3f0acdf0 ("workqueue: re-add lockdep dependencies for flushing") +Cc: Johannes Berg +Signed-off-by: Tetsuo Handa +Signed-off-by: Tejun Heo +Signed-off-by: Sasha Levin +--- + kernel/workqueue.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/kernel/workqueue.c b/kernel/workqueue.c +index aa8a82bc6738..fc6e4f252345 100644 +--- a/kernel/workqueue.c ++++ b/kernel/workqueue.c +@@ -3066,10 +3066,8 @@ static bool __flush_work(struct work_struct *work, bool from_cancel) + if (WARN_ON(!work->func)) + return false; + +- if (!from_cancel) { +- lock_map_acquire(&work->lockdep_map); +- lock_map_release(&work->lockdep_map); +- } ++ lock_map_acquire(&work->lockdep_map); ++ lock_map_release(&work->lockdep_map); + + if (start_flush_work(work, &barr, from_cancel)) { + wait_for_completion(&barr.done); +-- +2.35.1 + -- 2.47.3