From 1af847a955a552d3027cf9aa2fd8b22dbe67d60c Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 4 Mar 2024 08:34:34 +0100
Subject: [PATCH] 6.6-stable patches
added patches:
efivarfs-request-at-most-512-bytes-for-variable-names.patch
iommufd-fix-iopt_access_list_id-overwrite-bug.patch
kbuild-add-wa-fatal-warnings-to-as-instr-invocation.patch
risc-v-drop-invalid-test-from-config_as_has_option_arch.patch
riscv-add-caller_addrx-support.patch
---
 ...at-most-512-bytes-for-variable-names.patch | 74 +++++++++++
 ...ix-iopt_access_list_id-overwrite-bug.patch | 76 +++++++++++
 ...atal-warnings-to-as-instr-invocation.patch | 60 +++++++++
 ...-test-from-config_as_has_option_arch.patch | 71 ++++++++++
 .../riscv-add-caller_addrx-support.patch | 122 ++++++++++++++++++
 queue-6.6/series | 5 +
 6 files changed, 408 insertions(+)
 create mode 100644 queue-6.6/efivarfs-request-at-most-512-bytes-for-variable-names.patch
 create mode 100644 queue-6.6/iommufd-fix-iopt_access_list_id-overwrite-bug.patch
 create mode 100644 queue-6.6/kbuild-add-wa-fatal-warnings-to-as-instr-invocation.patch
 create mode 100644 queue-6.6/risc-v-drop-invalid-test-from-config_as_has_option_arch.patch
 create mode 100644 queue-6.6/riscv-add-caller_addrx-support.patch
diff --git a/queue-6.6/efivarfs-request-at-most-512-bytes-for-variable-names.patch b/queue-6.6/efivarfs-request-at-most-512-bytes-for-variable-names.patch
new file mode 100644
index 00000000000..3e53993e24f
--- /dev/null
+++ b/queue-6.6/efivarfs-request-at-most-512-bytes-for-variable-names.patch
@@ -0,0 +1,74 @@
+From f45812cc23fb74bef62d4eb8a69fe7218f4b9f2a Mon Sep 17 00:00:00 2001
+From: Tim Schumacher
+Date: Fri, 26 Jan 2024 17:25:23 +0100
+Subject: efivarfs: Request at most 512 bytes for variable names
+
+From: Tim Schumacher
+
+commit f45812cc23fb74bef62d4eb8a69fe7218f4b9f2a upstream.
+
+Work around a quirk in a few old (2011-ish) UEFI implementations, where
+a call to `GetNextVariableName` with a buffer size larger than 512 bytes
+will always return EFI_INVALID_PARAMETER.
+
+There is some lore around EFI variable names being up to 1024 bytes in
+size, but this has no basis in the UEFI specification, and the upper
+bounds are typically platform specific, and apply to the entire variable
+(name plus payload).
+
+Given that Linux does not permit creating files with names longer than
+NAME_MAX (255) bytes, 512 bytes (== 256 UTF-16 characters) is a
+reasonable limit.
+
+Cc: # 6.1+
+Signed-off-by: Tim Schumacher
+Signed-off-by: Ard Biesheuvel
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/efivarfs/vars.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+--- a/fs/efivarfs/vars.c
++++ b/fs/efivarfs/vars.c
+@@ -372,7 +372,7 @@ static void dup_variable_bug(efi_char16_
+ int efivar_init(int (*func)(efi_char16_t *, efi_guid_t, unsigned long, void *),
+ void *data, bool duplicates, struct list_head *head)
+ {
+- unsigned long variable_name_size = 1024;
++ unsigned long variable_name_size = 512;
+ efi_char16_t *variable_name;
+ efi_status_t status;
+ efi_guid_t vendor_guid;
+@@ -389,12 +389,13 @@ int efivar_init(int (*func)(efi_char16_t
+ goto free;
+
+ /*
+- * Per EFI spec, the maximum storage allocated for both
+- * the variable name and variable data is 1024 bytes.
++ * A small set of old UEFI implementations reject sizes
++ * above a certain threshold, the lowest seen in the wild
++ * is 512.
+ */
+
+ do {
+- variable_name_size = 1024;
++ variable_name_size = 512;
+
+ status = efivar_get_next_variable(&variable_name_size,
+ variable_name,
+@@ -431,9 +432,13 @@ int efivar_init(int (*func)(efi_char16_t
+ break;
+ case EFI_NOT_FOUND:
+ break;
++ case EFI_BUFFER_TOO_SMALL:
++ pr_warn("efivars: Variable name size exceeds maximum (%lu > 512)\n",
++ variable_name_size);
++ status = EFI_NOT_FOUND;
++ break;
+ default:
+- printk(KERN_WARNING "efivars: get_next_variable: status=%lx\n",
+- status);
++ pr_warn("efivars: get_next_variable: status=%lx\n", status);
+ status = EFI_NOT_FOUND;
+ break;
+ }
diff --git a/queue-6.6/iommufd-fix-iopt_access_list_id-overwrite-bug.patch b/queue-6.6/iommufd-fix-iopt_access_list_id-overwrite-bug.patch
new file mode 100644
index 00000000000..57fe65371a8
--- /dev/null
+++ b/queue-6.6/iommufd-fix-iopt_access_list_id-overwrite-bug.patch
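Review bot: The new `case EFI_BUFFER_TOO_SMALL:` arm in the last fs/efivarfs/vars.c hunk sets `status = EFI_NOT_FOUND`, which, like the `default:` arm beside it, appears to end the enumeration, so every variable the firmware would have returned after one over-long name is left out of efivarfs with a single `pr_warn` as the only trace. Anything that reads efivarfs to inspect firmware state would then work from a truncated list without knowing it, so the message should say that enumeration stopped, e.g. `pr_warn("efivars: Variable name size exceeds maximum (%lu > 512), remaining variables not enumerated\n", variable_name_size);`. The limit is also written as a bare `512` in three places (the initialiser, the per-iteration reset and the format string); one named constant would keep them from drifting apart. The loop and the switch both continue outside the hunks, so the loop-exit behaviour is inferred from the visible arms.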
@@ -0,0 +1,76 @@
+From aeb004c0cd6958e910123a1607634401009c9539 Mon Sep 17 00:00:00 2001
+From: Nicolin Chen
+Date: Thu, 22 Feb 2024 13:23:45 -0800
+Subject: iommufd: Fix iopt_access_list_id overwrite bug
+
+From: Nicolin Chen
+
+commit aeb004c0cd6958e910123a1607634401009c9539 upstream.
+
+Syzkaller reported the following WARN_ON:
+ WARNING: CPU: 1 PID: 4738 at drivers/iommu/iommufd/io_pagetable.c:1360
+
+ Call Trace:
+ iommufd_access_change_ioas+0x2fe/0x4e0
+ iommufd_access_destroy_object+0x50/0xb0
+ iommufd_object_remove+0x2a3/0x490
+ iommufd_object_destroy_user
+ iommufd_access_destroy+0x71/0xb0
+ iommufd_test_staccess_release+0x89/0xd0
+ __fput+0x272/0xb50
+ __fput_sync+0x4b/0x60
+ __do_sys_close
+ __se_sys_close
+ __x64_sys_close+0x8b/0x110
+ do_syscall_x64
+
+The mismatch between the access pointer in the list and the passed-in
+pointer is resulting from an overwrite of access->iopt_access_list_id, in
+iopt_add_access(). Called from iommufd_access_change_ioas() when
+xa_alloc() succeeds but iopt_calculate_iova_alignment() fails.
+
+Add a new_id in iopt_add_access() and only update iopt_access_list_id when
+returning successfully.
+
+Cc: stable@vger.kernel.org
+Fixes: 9227da7816dd ("iommufd: Add iommufd_access_change_ioas(_id) helpers")
+Link: https://lore.kernel.org/r/2dda7acb25b8562ec5f1310de828ef5da9ef509c.1708636627.git.nicolinc@nvidia.com
+Reported-by: Jason Gunthorpe
+Suggested-by: Jason Gunthorpe
+Signed-off-by: Nicolin Chen
+Reviewed-by: Kevin Tian
+Signed-off-by: Jason Gunthorpe
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/iommu/iommufd/io_pagetable.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/drivers/iommu/iommufd/io_pagetable.c
++++ b/drivers/iommu/iommufd/io_pagetable.c
+@@ -1158,20 +1158,23 @@ out_unlock:
+
+ int iopt_add_access(struct io_pagetable *iopt, struct iommufd_access *access)
+ {
++ u32 new_id;
+ int rc;
+
+ down_write(&iopt->domains_rwsem);
+ down_write(&iopt->iova_rwsem);
+- rc = xa_alloc(&iopt->access_list, &access->iopt_access_list_id, access,
+- xa_limit_16b, GFP_KERNEL_ACCOUNT);
++ rc = xa_alloc(&iopt->access_list, &new_id, access, xa_limit_16b,
++ GFP_KERNEL_ACCOUNT);
++
+ if (rc)
+ goto out_unlock;
+
+ rc = iopt_calculate_iova_alignment(iopt);
+ if (rc) {
+- xa_erase(&iopt->access_list, access->iopt_access_list_id);
++ xa_erase(&iopt->access_list, new_id);
+ goto out_unlock;
+ }
++ access->iopt_access_list_id = new_id;
+
+ out_unlock:
+ up_write(&iopt->iova_rwsem);
diff --git a/queue-6.6/kbuild-add-wa-fatal-warnings-to-as-instr-invocation.patch b/queue-6.6/kbuild-add-wa-fatal-warnings-to-as-instr-invocation.patch
new file mode 100644
index 00000000000..c6e6f5ab0c8
--- /dev/null
+++ b/queue-6.6/kbuild-add-wa-fatal-warnings-to-as-instr-invocation.patch
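Review bot: Nothing in the new iopt_add_access() body records why the id is staged in `new_id` instead of being written straight into `access->iopt_access_list_id`, and that ordering is the whole fix. A comment on the final assignment, for example `/* Only publish the id on success; on failure the caller keeps using the previous iopt_access_list_id */`, would stop a later cleanup from folding the local back into the xa_alloc() call; the wording follows the commit message, since the caller is not visible here. `new_id` is read only after xa_alloc() has returned 0, so leaving it uninitialised is fine as written. The function continues past `up_write(&iopt->iova_rwsem);` outside the hunk.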
@@ -0,0 +1,60 @@
+From 0ee695a471a750cad4fff22286d91e038b1ef62f Mon Sep 17 00:00:00 2001
+From: Nathan Chancellor
+Date: Thu, 25 Jan 2024 10:32:11 -0700
+Subject: kbuild: Add -Wa,--fatal-warnings to as-instr invocation
+
+From: Nathan Chancellor
+
+commit 0ee695a471a750cad4fff22286d91e038b1ef62f upstream.
+
+Certain assembler instruction tests may only induce warnings from the
+assembler on an unsupported instruction or option, which causes as-instr
+to succeed when it was expected to fail. Some tests workaround this
+limitation by additionally testing that invalid input fails as expected.
+However, this is fragile if the assembler is changed to accept the
+invalid input, as it will cause the instruction/option to be unavailable
+like it was unsupported even when it is.
+
+Use '-Wa,--fatal-warnings' in the as-instr macro to turn these warnings
+into hard errors, which avoids this fragility and makes tests more
+robust and well formed.
+
+Cc: stable@vger.kernel.org
+Suggested-by: Eric Biggers
+Signed-off-by: Nathan Chancellor
+Tested-by: Eric Biggers
+Tested-by: Andy Chiu
+Reviewed-by: Andy Chiu
+Tested-by: Conor Dooley
+Reviewed-by: Conor Dooley
+Acked-by: Masahiro Yamada
+Link: https://lore.kernel.org/r/20240125-fix-riscv-option-arch-llvm-18-v1-1-390ac9cc3cd0@kernel.org
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ scripts/Kconfig.include | 2 +-
+ scripts/Makefile.compiler | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/scripts/Kconfig.include
++++ b/scripts/Kconfig.include
+@@ -33,7 +33,7 @@ ld-option = $(success,$(LD) -v $(1))
+
+ # $(as-instr,)
+ # Return y if the assembler supports , n otherwise
+-as-instr = $(success,printf "%b\n" "$(1)" | $(CC) $(CLANG_FLAGS) -c -x assembler-with-cpp -o /dev/null -)
++as-instr = $(success,printf "%b\n" "$(1)" | $(CC) $(CLANG_FLAGS) -Wa$(comma)--fatal-warnings -c -x assembler-with-cpp -o /dev/null -)
+
+ # check if $(CC) and $(LD) exist
+ $(error-if,$(failure,command -v $(CC)),C compiler '$(CC)' not found)
+--- a/scripts/Makefile.compiler
++++ b/scripts/Makefile.compiler
+@@ -38,7 +38,7 @@ as-option = $(call try-run,\
+ # Usage: aflags-y += $(call as-instr,instr,option1,option2)
+
+ as-instr = $(call try-run,\
+- printf "%b\n" "$(1)" | $(CC) -Werror $(CLANG_FLAGS) $(KBUILD_AFLAGS) -c -x assembler-with-cpp -o "$$TMP" -,$(2),$(3))
++ printf "%b\n" "$(1)" | $(CC) -Werror $(CLANG_FLAGS) $(KBUILD_AFLAGS) -Wa$(comma)--fatal-warnings -c -x assembler-with-cpp -o "$$TMP" -,$(2),$(3))
+
+ # __cc-option
+ # Usage: MY_CFLAGS += $(call __cc-option,$(CC),$(MY_CFLAGS),-march=winchip-c6,-march=i586)
diff --git a/queue-6.6/risc-v-drop-invalid-test-from-config_as_has_option_arch.patch b/queue-6.6/risc-v-drop-invalid-test-from-config_as_has_option_arch.patch
new file mode 100644
index 00000000000..56ff85b0319
--- /dev/null
+++ b/queue-6.6/risc-v-drop-invalid-test-from-config_as_has_option_arch.patch
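Review bot: The two as-instr definitions still probe with different flag sets after this change: the scripts/Makefile.compiler one passes `-Werror` and `$(KBUILD_AFLAGS)`, the scripts/Kconfig.include one passes neither, so the same instruction test can in principle answer differently at Kconfig time and at build time. If the difference is intentional it deserves a line next to the Kconfig macro, for example `# Assembler warnings are fatal (-Wa,--fatal-warnings); compiler warnings are not`. The existing `# Return y if the assembler supports , n otherwise` comment also no longer tells the reader that a mere assembler warning now yields n. As the RISC-V patch later in this series describes, a wrong probe answer silently disables the dependent configuration, so the probe's exact pass/fail rule is worth stating where it is defined.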
@@ -0,0 +1,71 @@
+From 3aff0c459e77ac0fb1c4d6884433467f797f7357 Mon Sep 17 00:00:00 2001
+From: Nathan Chancellor
+Date: Thu, 25 Jan 2024 10:32:12 -0700
+Subject: RISC-V: Drop invalid test from CONFIG_AS_HAS_OPTION_ARCH
+
+From: Nathan Chancellor
+
+commit 3aff0c459e77ac0fb1c4d6884433467f797f7357 upstream.
+
+Commit e4bb020f3dbb ("riscv: detect assembler support for .option arch")
+added two tests, one for a valid value to '.option arch' that should
+succeed and one for an invalid value that is expected to fail to make
+sure that support for '.option arch' is properly detected because Clang
+does not error when '.option arch' is not supported:
+
+ $ clang --target=riscv64-linux-gnu -Werror -x assembler -c -o /dev/null <(echo '.option arch, +m')
+ /dev/fd/63:1:9: warning: unknown option, expected 'push', 'pop', 'rvc', 'norvc', 'relax' or 'norelax'
+ .option arch, +m
+ ^
+ $ echo $?
+ 0
+
+Unfortunately, the invalid test started being accepted by Clang after
+the linked llvm-project change, which causes CONFIG_AS_HAS_OPTION_ARCH
+and configurations that depend on it to be silently disabled, even
+though those versions do support '.option arch'.
+
+The invalid test can be avoided altogether by using
+'-Wa,--fatal-warnings', which will turn all assembler warnings into
+errors, like '-Werror' does for the compiler:
+
+ $ clang --target=riscv64-linux-gnu -Werror -Wa,--fatal-warnings -x assembler -c -o /dev/null <(echo '.option arch, +m')
+ /dev/fd/63:1:9: error: unknown option, expected 'push', 'pop', 'rvc', 'norvc', 'relax' or 'norelax'
+ .option arch, +m
+ ^
+ $ echo $?
+ 1
+
+The as-instr macros have been updated to make use of this flag, so
+remove the invalid test, which allows CONFIG_AS_HAS_OPTION_ARCH to work
+for all compiler versions.
+
+Cc: stable@vger.kernel.org
+Fixes: e4bb020f3dbb ("riscv: detect assembler support for .option arch")
+Link: https://github.com/llvm/llvm-project/commit/3ac9fe69f70a2b3541266daedbaaa7dc9c007a2a
+Reported-by: Eric Biggers
+Closes: https://lore.kernel.org/r/20240121011341.GA97368@sol.localdomain/
+Signed-off-by: Nathan Chancellor
+Tested-by: Eric Biggers
+Tested-by: Andy Chiu
+Reviewed-by: Andy Chiu
+Tested-by: Conor Dooley
+Reviewed-by: Conor Dooley
+Acked-by: Masahiro Yamada
+Link: https://lore.kernel.org/r/20240125-fix-riscv-option-arch-llvm-18-v1-2-390ac9cc3cd0@kernel.org
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/Kconfig | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/arch/riscv/Kconfig
++++ b/arch/riscv/Kconfig
+@@ -287,7 +287,6 @@ config AS_HAS_OPTION_ARCH
+ # https://reviews.llvm.org/D123515
+ def_bool y
+ depends on $(as-instr, .option arch$(comma) +m)
+- depends on !$(as-instr, .option arch$(comma) -i)
+
+ source "arch/riscv/Kconfig.socs"
+ source "arch/riscv/Kconfig.errata"
diff --git a/queue-6.6/riscv-add-caller_addrx-support.patch b/queue-6.6/riscv-add-caller_addrx-support.patch
new file mode 100644
index 00000000000..d64c77ce5f0
--- /dev/null
+++ b/queue-6.6/riscv-add-caller_addrx-support.patch
@@ -0,0 +1,122 @@
+From 680341382da56bd192ebfa4e58eaf4fec2e5bca7 Mon Sep 17 00:00:00 2001
+From: Zong Li
+Date: Fri, 2 Feb 2024 01:51:02 +0000
+Subject: riscv: add CALLER_ADDRx support
+
+From: Zong Li
+
+commit 680341382da56bd192ebfa4e58eaf4fec2e5bca7 upstream.
+
+CALLER_ADDRx returns caller's address at specified level, they are used
+for several tracers. These macros eventually use
+__builtin_return_address(n) to get the caller's address if arch doesn't
+define their own implementation.
+
+In RISC-V, __builtin_return_address(n) only works when n == 0, we need
+to walk the stack frame to get the caller's address at specified level.
+
+data.level started from 'level + 3' due to the call flow of getting
+caller's address in RISC-V implementation. If we don't have additional
+three iteration, the level is corresponding to follows:
+
+callsite -> return_address -> arch_stack_walk -> walk_stackframe
+| | | |
+level 3 level 2 level 1 level 0
+
+Fixes: 10626c32e382 ("riscv/ftrace: Add basic support")
+Cc: stable@vger.kernel.org
+Reviewed-by: Alexandre Ghiti
+Signed-off-by: Zong Li
+Link: https://lore.kernel.org/r/20240202015102.26251-1-zong.li@sifive.com
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/include/asm/ftrace.h | 5 +++
+ arch/riscv/kernel/Makefile | 2 +
+ arch/riscv/kernel/return_address.c | 48 +++++++++++++++++++++++++++++++++++++
+ 3 files changed, 55 insertions(+)
+ create mode 100644 arch/riscv/kernel/return_address.c
+
+--- a/arch/riscv/include/asm/ftrace.h
++++ b/arch/riscv/include/asm/ftrace.h
+@@ -25,6 +25,11 @@
+
+ #define ARCH_SUPPORTS_FTRACE_OPS 1
+ #ifndef __ASSEMBLY__
++
++extern void *return_address(unsigned int level);
++
++#define ftrace_return_address(n) return_address(n)
++
+ void MCOUNT_NAME(void);
+ static inline unsigned long ftrace_call_adjust(unsigned long addr)
+ {
+--- a/arch/riscv/kernel/Makefile
++++ b/arch/riscv/kernel/Makefile
+@@ -7,6 +7,7 @@ ifdef CONFIG_FTRACE
+ CFLAGS_REMOVE_ftrace.o = $(CC_FLAGS_FTRACE)
+ CFLAGS_REMOVE_patch.o = $(CC_FLAGS_FTRACE)
+ CFLAGS_REMOVE_sbi.o = $(CC_FLAGS_FTRACE)
++CFLAGS_REMOVE_return_address.o = $(CC_FLAGS_FTRACE)
+ endif
+ CFLAGS_syscall_table.o += $(call cc-option,-Wno-override-init,)
+ CFLAGS_compat_syscall_table.o += $(call cc-option,-Wno-override-init,)
+@@ -46,6 +47,7 @@ obj-y += irq.o
+ obj-y += process.o
+ obj-y += ptrace.o
+ obj-y += reset.o
++obj-y += return_address.o
+ obj-y += setup.o
+ obj-y += signal.o
+ obj-y += syscall_table.o
+--- /dev/null
++++ b/arch/riscv/kernel/return_address.c
+@@ -0,0 +1,48 @@
++// SPDX-License-Identifier: GPL-2.0-only
++/*
++ * This code come from arch/arm64/kernel/return_address.c
++ *
++ * Copyright (C) 2023 SiFive.
++ */
++
++#include
++#include
++#include
++
++struct return_address_data {
++ unsigned int level;
++ void *addr;
++};
++
++static bool save_return_addr(void *d, unsigned long pc)
++{
++ struct return_address_data *data = d;
++
++ if (!data->level) {
++ data->addr = (void *)pc;
++ return false;
++ }
++
++ --data->level;
++
++ return true;
++}
++NOKPROBE_SYMBOL(save_return_addr);
++
++noinline void *return_address(unsigned int level)
++{
++ struct return_address_data data;
++
++ data.level = level + 3;
++ data.addr = NULL;
++
++ arch_stack_walk(save_return_addr, &data, current, NULL);
++
++ if (!data.level)
++ return data.addr;
++ else
++ return NULL;
++
++}
++EXPORT_SYMBOL_GPL(return_address);
++NOKPROBE_SYMBOL(return_address);
diff --git a/queue-6.6/series b/queue-6.6/series
index baaff649c43..76aefc3bb46 100644
--- a/queue-6.6/series
+++ b/queue-6.6/series
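Review bot: In the new arch/riscv/kernel/return_address.c, `data.level = level + 3;` carries no comment, and the `3` is only right while exactly three frames (return_address, arch_stack_walk and walk_stackframe, per the commit message) sit between the walker and the call site. return_address() is marked `noinline`, but whether the other two can be inlined or change depth is not visible here, so the constant should be explained where it is used: `/* skip return_address(), arch_stack_walk() and walk_stackframe() */`. The addition is also unchecked unsigned arithmetic, so a `level` within three of UINT_MAX wraps to a small depth and returns an unrelated frame; callers presumably pass small constants through `ftrace_return_address(n)`, but `if (level > UINT_MAX - 3) return NULL;` would make the exported function safe for any argument. The `else` after `return data.addr;` and the blank line before the closing brace are style nits.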
@@ -94,3 +94,8 @@ mmc-mmci-stm32-fix-dma-api-overlapping-mappings-warning.patch
 mmc-core-fix-emmc-initialization-with-1-bit-bus-connection.patch
 mmc-sdhci-xenon-add-timeout-for-phy-init-complete.patch
 mmc-sdhci-xenon-fix-phy-init-clock-stability.patch
+risc-v-drop-invalid-test-from-config_as_has_option_arch.patch
+riscv-add-caller_addrx-support.patch
+kbuild-add-wa-fatal-warnings-to-as-instr-invocation.patch
+iommufd-fix-iopt_access_list_id-overwrite-bug.patch
+efivarfs-request-at-most-512-bytes-for-variable-names.patch
-- 
2.47.2