From 2c26d2edc82210c11c7135c8bc141fd9f8fb3dad Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Tue, 14 Dec 2021 21:44:20 -0500 Subject: [PATCH] Fixes for 5.4 Signed-off-by: Sasha Levin --- ...add-connector-type-check-for-crc-sou.patch | 78 +++++++ ...fix-for-the-no-audio-bug-with-tiled-.patch | 46 ++++ ...m-msm-dsi-set-default-num_data_lanes.patch | 44 ++++ ...a-spurious-start-completion-interrup.patch | 66 ++++++ ...update-reported-link-modes-for-1-10g.patch | 114 ++++++++++ ...etlink-prevent-empty-skb-by-adding-a.patch | 204 ++++++++++++++++++ ...ate-parisc-agp-init-functions-with-_.patch | 50 +++++ queue-5.4/series | 8 + ...emleak-false-positive-in-tracing_map.patch | 103 +++++++++ 9 files changed, 713 insertions(+) create mode 100644 queue-5.4/drm-amd-display-add-connector-type-check-for-crc-sou.patch create mode 100644 queue-5.4/drm-amd-display-fix-for-the-no-audio-bug-with-tiled-.patch create mode 100644 queue-5.4/drm-msm-dsi-set-default-num_data_lanes.patch create mode 100644 queue-5.4/i2c-rk3x-handle-a-spurious-start-completion-interrup.patch create mode 100644 queue-5.4/net-mlx4_en-update-reported-link-modes-for-1-10g.patch create mode 100644 queue-5.4/net-netlink-af_netlink-prevent-empty-skb-by-adding-a.patch create mode 100644 queue-5.4/parisc-agp-annotate-parisc-agp-init-functions-with-_.patch create mode 100644 queue-5.4/tracing-fix-a-kmemleak-false-positive-in-tracing_map.patch diff --git a/queue-5.4/drm-amd-display-add-connector-type-check-for-crc-sou.patch b/queue-5.4/drm-amd-display-add-connector-type-check-for-crc-sou.patch new file mode 100644 index 00000000000..f67e83a0aa6 --- /dev/null +++ b/queue-5.4/drm-amd-display-add-connector-type-check-for-crc-sou.patch @@ -0,0 +1,78 @@ +From b51e854dccf93d67a4c42f07753790cee1a6b435 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Nov 2021 04:27:55 -0500 +Subject: drm/amd/display: add connector type check for CRC source set + +From: Perry Yuan + +[ Upstream commit 2da34b7bb59e1caa9a336e0e20a76b8b6a4abea2 ] + +[Why] +IGT bypass test will set crc source as DPRX,and display DM didn`t check +connection type, it run the test on the HDMI connector ,then the kernel +will be crashed because aux->transfer is set null for HDMI connection. +This patch will skip the invalid connection test and fix kernel crash issue. + +[How] +Check the connector type while setting the pipe crc source as DPRX or +auto,if the type is not DP or eDP, the crtc crc source will not be set +and report error code to IGT test,IGT will show the this subtest as no +valid crtc/connector combinations found. + +116.779714] [IGT] amd_bypass: starting subtest 8bpc-bypass-mode +[ 117.730996] BUG: kernel NULL pointer dereference, address: 0000000000000000 +[ 117.731001] #PF: supervisor instruction fetch in kernel mode +[ 117.731003] #PF: error_code(0x0010) - not-present page +[ 117.731004] PGD 0 P4D 0 +[ 117.731006] Oops: 0010 [#1] SMP NOPTI +[ 117.731009] CPU: 11 PID: 2428 Comm: amd_bypass Tainted: G OE 5.11.0-34-generic #36~20.04.1-Ubuntu +[ 117.731011] Hardware name: AMD CZN/, BIOS AB.FD 09/07/2021 +[ 117.731012] RIP: 0010:0x0 +[ 117.731015] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. +[ 117.731016] RSP: 0018:ffffa8d64225bab8 EFLAGS: 00010246 +[ 117.731017] RAX: 0000000000000000 RBX: 0000000000000020 RCX: ffffa8d64225bb5e +[ 117.731018] RDX: ffff93151d921880 RSI: ffffa8d64225bac8 RDI: ffff931511a1a9d8 +[ 117.731022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 117.731023] CR2: ffffffffffffffd6 CR3: 000000010d5a4000 CR4: 0000000000750ee0 +[ 117.731023] PKRU: 55555554 +[ 117.731024] Call Trace: +[ 117.731027] drm_dp_dpcd_access+0x72/0x110 [drm_kms_helper] +[ 117.731036] drm_dp_dpcd_read+0xb7/0xf0 [drm_kms_helper] +[ 117.731040] drm_dp_start_crc+0x38/0xb0 [drm_kms_helper] +[ 117.731047] amdgpu_dm_crtc_set_crc_source+0x1ae/0x3e0 [amdgpu] +[ 117.731149] crtc_crc_open+0x174/0x220 [drm] +[ 117.731162] full_proxy_open+0x168/0x1f0 +[ 117.731165] ? open_proxy_open+0x100/0x100 + +BugLink: https://gitlab.freedesktop.org/drm/amd/-/issues/1546 +Reviewed-by: Harry Wentland +Reviewed-by: Rodrigo Siqueira +Signed-off-by: Perry Yuan +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c +index f0b001b3af578..883ee517673bd 100644 +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c +@@ -221,6 +221,14 @@ int amdgpu_dm_crtc_set_crc_source(struct drm_crtc *crtc, const char *src_name) + ret = -EINVAL; + goto cleanup; + } ++ ++ if ((aconn->base.connector_type != DRM_MODE_CONNECTOR_DisplayPort) && ++ (aconn->base.connector_type != DRM_MODE_CONNECTOR_eDP)) { ++ DRM_DEBUG_DRIVER("No DP connector available for CRC source\n"); ++ ret = -EINVAL; ++ goto cleanup; ++ } ++ + } + + if (amdgpu_dm_crtc_configure_crc_source(crtc, crtc_state, source)) { +-- +2.33.0 + diff --git a/queue-5.4/drm-amd-display-fix-for-the-no-audio-bug-with-tiled-.patch b/queue-5.4/drm-amd-display-fix-for-the-no-audio-bug-with-tiled-.patch new file mode 100644 index 00000000000..8b2f5d4845d --- /dev/null +++ b/queue-5.4/drm-amd-display-fix-for-the-no-audio-bug-with-tiled-.patch @@ -0,0 +1,46 @@ +From 328db4fdfb5f617513e3fa55c03ab3cdb0269d6f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 15 Nov 2021 17:56:42 -0500 +Subject: drm/amd/display: Fix for the no Audio bug with Tiled Displays + +From: Mustapha Ghaddar + +[ Upstream commit 5ceaebcda9061c04f439c93961f0819878365c0f ] + +[WHY] +It seems like after a series of plug/unplugs we end up in a situation +where tiled display doesnt support Audio. + +[HOW] +The issue seems to be related to when we check streams changed after an +HPD, we should be checking the audio_struct as well to see if any of its +values changed. + +Reviewed-by: Jun Lei +Acked-by: Bhawanpreet Lakha +Signed-off-by: Mustapha Ghaddar +Tested-by: Daniel Wheeler +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +index f25ac17f47fa9..95a5310e9e661 100644 +--- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c ++++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +@@ -1546,6 +1546,10 @@ bool dc_is_stream_unchanged( + if (old_stream->ignore_msa_timing_param != stream->ignore_msa_timing_param) + return false; + ++ // Only Have Audio left to check whether it is same or not. This is a corner case for Tiled sinks ++ if (old_stream->audio_info.mode_count != stream->audio_info.mode_count) ++ return false; ++ + return true; + } + +-- +2.33.0 + diff --git a/queue-5.4/drm-msm-dsi-set-default-num_data_lanes.patch b/queue-5.4/drm-msm-dsi-set-default-num_data_lanes.patch new file mode 100644 index 00000000000..54050c6074e --- /dev/null +++ b/queue-5.4/drm-msm-dsi-set-default-num_data_lanes.patch @@ -0,0 +1,44 @@ +From d226b4ba360f78f616167bf05c941cb7e0e2e8b1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 30 Oct 2021 10:08:50 -0700 +Subject: drm/msm/dsi: set default num_data_lanes + +From: Philip Chen + +[ Upstream commit cd92cc187c053ab010a1570e2d61d68394a5c725 ] + +If "data_lanes" property of the dsi output endpoint is missing in +the DT, num_data_lanes would be 0 by default, which could cause +dsi_host_attach() to fail if dsi->lanes is set to a non-zero value +by the bridge driver. + +According to the binding document of msm dsi controller, the +input/output endpoint of the controller is expected to have 4 lanes. +So let's set num_data_lanes to 4 by default. + +Signed-off-by: Philip Chen +Reviewed-by: Douglas Anderson +Reviewed-by: Stephen Boyd +Link: https://lore.kernel.org/r/20211030100812.1.I6cd9af36b723fed277d34539d3b2ba4ca233ad2d@changeid +Signed-off-by: Rob Clark +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/dsi/dsi_host.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/gpu/drm/msm/dsi/dsi_host.c b/drivers/gpu/drm/msm/dsi/dsi_host.c +index 5613234823f7d..423c4ae2be10d 100644 +--- a/drivers/gpu/drm/msm/dsi/dsi_host.c ++++ b/drivers/gpu/drm/msm/dsi/dsi_host.c +@@ -1669,6 +1669,8 @@ static int dsi_host_parse_lane_data(struct msm_dsi_host *msm_host, + if (!prop) { + DRM_DEV_DEBUG(dev, + "failed to find data lane mapping, using default\n"); ++ /* Set the number of date lanes to 4 by default. */ ++ msm_host->num_data_lanes = 4; + return 0; + } + +-- +2.33.0 + diff --git a/queue-5.4/i2c-rk3x-handle-a-spurious-start-completion-interrup.patch b/queue-5.4/i2c-rk3x-handle-a-spurious-start-completion-interrup.patch new file mode 100644 index 00000000000..4597c80c36f --- /dev/null +++ b/queue-5.4/i2c-rk3x-handle-a-spurious-start-completion-interrup.patch @@ -0,0 +1,66 @@ +From c953df3a93c46c9ba0eb08f263900a55dd46105f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 24 Sep 2021 13:15:27 +0200 +Subject: i2c: rk3x: Handle a spurious start completion interrupt flag + +From: Ondrej Jirman + +[ Upstream commit 02fe0fbd8a21e183687925c3a266ae27dda9840f ] + +In a typical read transfer, start completion flag is being set after +read finishes (notice ipd bit 4 being set): + +trasnfer poll=0 +i2c start +rk3x-i2c fdd40000.i2c: IRQ: state 1, ipd: 10 +i2c read +rk3x-i2c fdd40000.i2c: IRQ: state 2, ipd: 1b +i2c stop +rk3x-i2c fdd40000.i2c: IRQ: state 4, ipd: 33 + +This causes I2C transfer being aborted in polled mode from a stop completion +handler: + +trasnfer poll=1 +i2c start +rk3x-i2c fdd40000.i2c: IRQ: state 1, ipd: 10 +i2c read +rk3x-i2c fdd40000.i2c: IRQ: state 2, ipd: 0 +rk3x-i2c fdd40000.i2c: IRQ: state 2, ipd: 1b +i2c stop +rk3x-i2c fdd40000.i2c: IRQ: state 4, ipd: 13 +i2c stop +rk3x-i2c fdd40000.i2c: unexpected irq in STOP: 0x10 + +Clearing the START flag after read fixes the issue without any obvious +side effects. + +This issue was dicovered on RK3566 when adding support for powering +off the RK817 PMIC. + +Signed-off-by: Ondrej Jirman +Reviewed-by: John Keeping +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-rk3x.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-rk3x.c b/drivers/i2c/busses/i2c-rk3x.c +index 1a33007b03e9e..1107a5e7229e4 100644 +--- a/drivers/i2c/busses/i2c-rk3x.c ++++ b/drivers/i2c/busses/i2c-rk3x.c +@@ -422,8 +422,8 @@ static void rk3x_i2c_handle_read(struct rk3x_i2c *i2c, unsigned int ipd) + if (!(ipd & REG_INT_MBRF)) + return; + +- /* ack interrupt */ +- i2c_writel(i2c, REG_INT_MBRF, REG_IPD); ++ /* ack interrupt (read also produces a spurious START flag, clear it too) */ ++ i2c_writel(i2c, REG_INT_MBRF | REG_INT_START, REG_IPD); + + /* Can only handle a maximum of 32 bytes at a time */ + if (len > 32) +-- +2.33.0 + diff --git a/queue-5.4/net-mlx4_en-update-reported-link-modes-for-1-10g.patch b/queue-5.4/net-mlx4_en-update-reported-link-modes-for-1-10g.patch new file mode 100644 index 00000000000..5ef450f8a15 --- /dev/null +++ b/queue-5.4/net-mlx4_en-update-reported-link-modes-for-1-10g.patch @@ -0,0 +1,114 @@ +From 34bc73f568e306121e1e6f35ac8c565bcfd95411 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 28 Nov 2021 13:37:11 +0100 +Subject: net/mlx4_en: Update reported link modes for 1/10G + +From: Erik Ekman + +[ Upstream commit 2191b1dfef7d45f44b5008d2148676d9f2c82874 ] + +When link modes were initially added in commit 2c762679435dc +("net/mlx4_en: Use PTYS register to query ethtool settings") and +later updated for the new ethtool API in commit 3d8f7cc78d0eb +("net: mlx4: use new ETHTOOL_G/SSETTINGS API") the only 1/10G non-baseT +link modes configured were 1000baseKX, 10000baseKX4 and 10000baseKR. +It looks like these got picked to represent other modes since nothing +better was available. + +Switch to using more specific link modes added in commit 5711a98221443 +("net: ethtool: add support for 1000BaseX and missing 10G link modes"). + +Tested with MCX311A-XCAT connected via DAC. +Before: + +% sudo ethtool enp3s0 +Settings for enp3s0: + Supported ports: [ FIBRE ] + Supported link modes: 1000baseKX/Full + 10000baseKR/Full + Supported pause frame use: Symmetric Receive-only + Supports auto-negotiation: No + Supported FEC modes: Not reported + Advertised link modes: 1000baseKX/Full + 10000baseKR/Full + Advertised pause frame use: Symmetric + Advertised auto-negotiation: No + Advertised FEC modes: Not reported + Speed: 10000Mb/s + Duplex: Full + Auto-negotiation: off + Port: Direct Attach Copper + PHYAD: 0 + Transceiver: internal + Supports Wake-on: d + Wake-on: d + Current message level: 0x00000014 (20) + link ifdown + Link detected: yes + +With this change: + +% sudo ethtool enp3s0 + Settings for enp3s0: + Supported ports: [ FIBRE ] + Supported link modes: 1000baseX/Full + 10000baseCR/Full + 10000baseSR/Full + Supported pause frame use: Symmetric Receive-only + Supports auto-negotiation: No + Supported FEC modes: Not reported + Advertised link modes: 1000baseX/Full + 10000baseCR/Full + 10000baseSR/Full + Advertised pause frame use: Symmetric + Advertised auto-negotiation: No + Advertised FEC modes: Not reported + Speed: 10000Mb/s + Duplex: Full + Auto-negotiation: off + Port: Direct Attach Copper + PHYAD: 0 + Transceiver: internal + Supports Wake-on: d + Wake-on: d + Current message level: 0x00000014 (20) + link ifdown + Link detected: yes + +Tested-by: Michael Stapelberg +Signed-off-by: Erik Ekman +Reviewed-by: Tariq Toukan +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c +index 426786a349c3c..dd029d91bbc2d 100644 +--- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c ++++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c +@@ -663,7 +663,7 @@ void __init mlx4_en_init_ptys2ethtool_map(void) + MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_1000BASE_T, SPEED_1000, + ETHTOOL_LINK_MODE_1000baseT_Full_BIT); + MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_1000BASE_CX_SGMII, SPEED_1000, +- ETHTOOL_LINK_MODE_1000baseKX_Full_BIT); ++ ETHTOOL_LINK_MODE_1000baseX_Full_BIT); + MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_1000BASE_KX, SPEED_1000, + ETHTOOL_LINK_MODE_1000baseKX_Full_BIT); + MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_10GBASE_T, SPEED_10000, +@@ -675,9 +675,9 @@ void __init mlx4_en_init_ptys2ethtool_map(void) + MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_10GBASE_KR, SPEED_10000, + ETHTOOL_LINK_MODE_10000baseKR_Full_BIT); + MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_10GBASE_CR, SPEED_10000, +- ETHTOOL_LINK_MODE_10000baseKR_Full_BIT); ++ ETHTOOL_LINK_MODE_10000baseCR_Full_BIT); + MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_10GBASE_SR, SPEED_10000, +- ETHTOOL_LINK_MODE_10000baseKR_Full_BIT); ++ ETHTOOL_LINK_MODE_10000baseSR_Full_BIT); + MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_20GBASE_KR2, SPEED_20000, + ETHTOOL_LINK_MODE_20000baseMLD2_Full_BIT, + ETHTOOL_LINK_MODE_20000baseKR2_Full_BIT); +-- +2.33.0 + diff --git a/queue-5.4/net-netlink-af_netlink-prevent-empty-skb-by-adding-a.patch b/queue-5.4/net-netlink-af_netlink-prevent-empty-skb-by-adding-a.patch new file mode 100644 index 00000000000..85a86329b5f --- /dev/null +++ b/queue-5.4/net-netlink-af_netlink-prevent-empty-skb-by-adding-a.patch @@ -0,0 +1,204 @@ +From b1fae2fb1371cb5c4a9b02a0ad701f65df470ecf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 29 Nov 2021 09:53:27 -0800 +Subject: net: netlink: af_netlink: Prevent empty skb by adding a check on len. + +From: Harshit Mogalapalli + +[ Upstream commit f123cffdd8fe8ea6c7fded4b88516a42798797d0 ] + +Adding a check on len parameter to avoid empty skb. This prevents a +division error in netem_enqueue function which is caused when skb->len=0 +and skb->data_len=0 in the randomized corruption step as shown below. + +skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8); + +Crash Report: +[ 343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family +0 port 6081 - 0 +[ 343.216110] netem: version 1.3 +[ 343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI +[ 343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+ +[ 343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), +BIOS 1.11.0-2.el7 04/01/2014 +[ 343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem] +[ 343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff +ff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f +74 f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03 +[ 343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246 +[ 343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX: +0000000000000000 +[ 343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI: +ffff88800f8eda40 +[ 343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09: +ffffffff94fb8445 +[ 343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12: +0000000000000000 +[ 343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15: +0000000000000020 +[ 343.247291] FS: 00007fdde2bd7700(0000) GS:ffff888109780000(0000) +knlGS:0000000000000000 +[ 343.248350] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4: +00000000000006e0 +[ 343.250076] Call Trace: +[ 343.250423] +[ 343.250713] ? memcpy+0x4d/0x60 +[ 343.251162] ? netem_init+0xa0/0xa0 [sch_netem] +[ 343.251795] ? __sanitizer_cov_trace_pc+0x21/0x60 +[ 343.252443] netem_enqueue+0xe28/0x33c0 [sch_netem] +[ 343.253102] ? stack_trace_save+0x87/0xb0 +[ 343.253655] ? filter_irq_stacks+0xb0/0xb0 +[ 343.254220] ? netem_init+0xa0/0xa0 [sch_netem] +[ 343.254837] ? __kasan_check_write+0x14/0x20 +[ 343.255418] ? _raw_spin_lock+0x88/0xd6 +[ 343.255953] dev_qdisc_enqueue+0x50/0x180 +[ 343.256508] __dev_queue_xmit+0x1a7e/0x3090 +[ 343.257083] ? netdev_core_pick_tx+0x300/0x300 +[ 343.257690] ? check_kcov_mode+0x10/0x40 +[ 343.258219] ? _raw_spin_unlock_irqrestore+0x29/0x40 +[ 343.258899] ? __kasan_init_slab_obj+0x24/0x30 +[ 343.259529] ? setup_object.isra.71+0x23/0x90 +[ 343.260121] ? new_slab+0x26e/0x4b0 +[ 343.260609] ? kasan_poison+0x3a/0x50 +[ 343.261118] ? kasan_unpoison+0x28/0x50 +[ 343.261637] ? __kasan_slab_alloc+0x71/0x90 +[ 343.262214] ? memcpy+0x4d/0x60 +[ 343.262674] ? write_comp_data+0x2f/0x90 +[ 343.263209] ? __kasan_check_write+0x14/0x20 +[ 343.263802] ? __skb_clone+0x5d6/0x840 +[ 343.264329] ? __sanitizer_cov_trace_pc+0x21/0x60 +[ 343.264958] dev_queue_xmit+0x1c/0x20 +[ 343.265470] netlink_deliver_tap+0x652/0x9c0 +[ 343.266067] netlink_unicast+0x5a0/0x7f0 +[ 343.266608] ? netlink_attachskb+0x860/0x860 +[ 343.267183] ? __sanitizer_cov_trace_pc+0x21/0x60 +[ 343.267820] ? write_comp_data+0x2f/0x90 +[ 343.268367] netlink_sendmsg+0x922/0xe80 +[ 343.268899] ? netlink_unicast+0x7f0/0x7f0 +[ 343.269472] ? __sanitizer_cov_trace_pc+0x21/0x60 +[ 343.270099] ? write_comp_data+0x2f/0x90 +[ 343.270644] ? netlink_unicast+0x7f0/0x7f0 +[ 343.271210] sock_sendmsg+0x155/0x190 +[ 343.271721] ____sys_sendmsg+0x75f/0x8f0 +[ 343.272262] ? kernel_sendmsg+0x60/0x60 +[ 343.272788] ? write_comp_data+0x2f/0x90 +[ 343.273332] ? write_comp_data+0x2f/0x90 +[ 343.273869] ___sys_sendmsg+0x10f/0x190 +[ 343.274405] ? sendmsg_copy_msghdr+0x80/0x80 +[ 343.274984] ? slab_post_alloc_hook+0x70/0x230 +[ 343.275597] ? futex_wait_setup+0x240/0x240 +[ 343.276175] ? security_file_alloc+0x3e/0x170 +[ 343.276779] ? write_comp_data+0x2f/0x90 +[ 343.277313] ? __sanitizer_cov_trace_pc+0x21/0x60 +[ 343.277969] ? write_comp_data+0x2f/0x90 +[ 343.278515] ? __fget_files+0x1ad/0x260 +[ 343.279048] ? __sanitizer_cov_trace_pc+0x21/0x60 +[ 343.279685] ? write_comp_data+0x2f/0x90 +[ 343.280234] ? __sanitizer_cov_trace_pc+0x21/0x60 +[ 343.280874] ? sockfd_lookup_light+0xd1/0x190 +[ 343.281481] __sys_sendmsg+0x118/0x200 +[ 343.281998] ? __sys_sendmsg_sock+0x40/0x40 +[ 343.282578] ? alloc_fd+0x229/0x5e0 +[ 343.283070] ? write_comp_data+0x2f/0x90 +[ 343.283610] ? write_comp_data+0x2f/0x90 +[ 343.284135] ? __sanitizer_cov_trace_pc+0x21/0x60 +[ 343.284776] ? ktime_get_coarse_real_ts64+0xb8/0xf0 +[ 343.285450] __x64_sys_sendmsg+0x7d/0xc0 +[ 343.285981] ? syscall_enter_from_user_mode+0x4d/0x70 +[ 343.286664] do_syscall_64+0x3a/0x80 +[ 343.287158] entry_SYSCALL_64_after_hwframe+0x44/0xae +[ 343.287850] RIP: 0033:0x7fdde24cf289 +[ 343.288344] Code: 01 00 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 +48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f +05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 db 2c 00 f7 d8 64 89 01 48 +[ 343.290729] RSP: 002b:00007fdde2bd6d98 EFLAGS: 00000246 ORIG_RAX: +000000000000002e +[ 343.291730] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: +00007fdde24cf289 +[ 343.292673] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: +0000000000000004 +[ 343.293618] RBP: 00007fdde2bd6e20 R08: 0000000100000001 R09: +0000000000000000 +[ 343.294557] R10: 0000000100000001 R11: 0000000000000246 R12: +0000000000000000 +[ 343.295493] R13: 0000000000021000 R14: 0000000000000000 R15: +00007fdde2bd7700 +[ 343.296432] +[ 343.296735] Modules linked in: sch_netem ip6_vti ip_vti ip_gre ipip +sit ip_tunnel geneve macsec macvtap tap ipvlan macvlan 8021q garp mrp +hsr wireguard libchacha20poly1305 chacha_x86_64 poly1305_x86_64 +ip6_udp_tunnel udp_tunnel libblake2s blake2s_x86_64 libblake2s_generic +curve25519_x86_64 libcurve25519_generic libchacha xfrm_interface +xfrm6_tunnel tunnel4 veth netdevsim psample batman_adv nlmon dummy team +bonding tls vcan ip6_gre ip6_tunnel tunnel6 gre tun ip6t_rpfilter +ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set +ebtable_nat ebtable_broute ip6table_nat ip6table_mangle +ip6table_security ip6table_raw iptable_nat nf_nat nf_conntrack +nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_security +iptable_raw ebtable_filter ebtables rfkill ip6table_filter ip6_tables +iptable_filter ppdev bochs drm_vram_helper drm_ttm_helper ttm +drm_kms_helper cec parport_pc drm joydev floppy parport sg syscopyarea +sysfillrect sysimgblt i2c_piix4 qemu_fw_cfg fb_sys_fops pcspkr +[ 343.297459] ip_tables xfs virtio_net net_failover failover sd_mod +sr_mod cdrom t10_pi ata_generic pata_acpi ata_piix libata virtio_pci +virtio_pci_legacy_dev serio_raw virtio_pci_modern_dev dm_mirror +dm_region_hash dm_log dm_mod +[ 343.311074] Dumping ftrace buffer: +[ 343.311532] (ftrace buffer empty) +[ 343.312040] ---[ end trace a2e3db5a6ae05099 ]--- +[ 343.312691] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem] +[ 343.313481] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff +ff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f +74 f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03 +[ 343.315893] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246 +[ 343.316622] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX: +0000000000000000 +[ 343.317585] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI: +ffff88800f8eda40 +[ 343.318549] RBP: ffff88800bcd7458 R08: 0000000000000000 R09: +ffffffff94fb8445 +[ 343.319503] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12: +0000000000000000 +[ 343.320455] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15: +0000000000000020 +[ 343.321414] FS: 00007fdde2bd7700(0000) GS:ffff888109780000(0000) +knlGS:0000000000000000 +[ 343.322489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 343.323283] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4: +00000000000006e0 +[ 343.324264] Kernel panic - not syncing: Fatal exception in interrupt +[ 343.333717] Dumping ftrace buffer: +[ 343.334175] (ftrace buffer empty) +[ 343.334653] Kernel Offset: 0x13600000 from 0xffffffff81000000 +(relocation range: 0xffffffff80000000-0xffffffffbfffffff) +[ 343.336027] Rebooting in 86400 seconds.. + +Reported-by: syzkaller +Signed-off-by: Harshit Mogalapalli +Link: https://lore.kernel.org/r/20211129175328.55339-1-harshit.m.mogalapalli@oracle.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/netlink/af_netlink.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c +index cb35680db9b29..891e029ad0f89 100644 +--- a/net/netlink/af_netlink.c ++++ b/net/netlink/af_netlink.c +@@ -1862,6 +1862,11 @@ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) + if (msg->msg_flags&MSG_OOB) + return -EOPNOTSUPP; + ++ if (len == 0) { ++ pr_warn_once("Zero length message leads to an empty skb\n"); ++ return -ENODATA; ++ } ++ + err = scm_send(sock, msg, &scm, true); + if (err < 0) + return err; +-- +2.33.0 + diff --git a/queue-5.4/parisc-agp-annotate-parisc-agp-init-functions-with-_.patch b/queue-5.4/parisc-agp-annotate-parisc-agp-init-functions-with-_.patch new file mode 100644 index 00000000000..1405a8566e3 --- /dev/null +++ b/queue-5.4/parisc-agp-annotate-parisc-agp-init-functions-with-_.patch @@ -0,0 +1,50 @@ +From 2d3985a654f2f9e5b244c3ee33788e5564de6e2b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 26 Nov 2021 16:45:59 +0100 +Subject: parisc/agp: Annotate parisc agp init functions with __init + +From: Helge Deller + +[ Upstream commit 8d88382b7436551a9ebb78475c546b670790cbf6 ] + +Signed-off-by: Helge Deller +Reported-by: kernel test robot +Signed-off-by: Sasha Levin +--- + drivers/char/agp/parisc-agp.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/char/agp/parisc-agp.c b/drivers/char/agp/parisc-agp.c +index ed3c4c42fc23b..d68d05d5d3838 100644 +--- a/drivers/char/agp/parisc-agp.c ++++ b/drivers/char/agp/parisc-agp.c +@@ -281,7 +281,7 @@ agp_ioc_init(void __iomem *ioc_regs) + return 0; + } + +-static int ++static int __init + lba_find_capability(int cap) + { + struct _parisc_agp_info *info = &parisc_agp_info; +@@ -366,7 +366,7 @@ parisc_agp_setup(void __iomem *ioc_hpa, void __iomem *lba_hpa) + return error; + } + +-static int ++static int __init + find_quicksilver(struct device *dev, void *data) + { + struct parisc_device **lba = data; +@@ -378,7 +378,7 @@ find_quicksilver(struct device *dev, void *data) + return 0; + } + +-static int ++static int __init + parisc_agp_init(void) + { + extern struct sba_device *sba_list; +-- +2.33.0 + diff --git a/queue-5.4/series b/queue-5.4/series index c790a73e37a..d7b0a2b6650 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -1 +1,9 @@ nfc-fix-segfault-in-nfc_genl_dump_devices_done.patch +drm-msm-dsi-set-default-num_data_lanes.patch +net-mlx4_en-update-reported-link-modes-for-1-10g.patch +parisc-agp-annotate-parisc-agp-init-functions-with-_.patch +i2c-rk3x-handle-a-spurious-start-completion-interrup.patch +net-netlink-af_netlink-prevent-empty-skb-by-adding-a.patch +drm-amd-display-fix-for-the-no-audio-bug-with-tiled-.patch +drm-amd-display-add-connector-type-check-for-crc-sou.patch +tracing-fix-a-kmemleak-false-positive-in-tracing_map.patch diff --git a/queue-5.4/tracing-fix-a-kmemleak-false-positive-in-tracing_map.patch b/queue-5.4/tracing-fix-a-kmemleak-false-positive-in-tracing_map.patch new file mode 100644 index 00000000000..bf630028a6d --- /dev/null +++ b/queue-5.4/tracing-fix-a-kmemleak-false-positive-in-tracing_map.patch @@ -0,0 +1,103 @@ +From e463adc7ab4a9afa8703258f3839849baa5b6025 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Nov 2021 14:08:01 +0000 +Subject: tracing: Fix a kmemleak false positive in tracing_map + +From: Chen Jun + +[ Upstream commit f25667e5980a4333729cac3101e5de1bb851f71a ] + +Doing the command: + echo 'hist:key=common_pid.execname,common_timestamp' > /sys/kernel/debug/tracing/events/xxx/trigger + +Triggers many kmemleak reports: + +unreferenced object 0xffff0000c7ea4980 (size 128): + comm "bash", pid 338, jiffies 4294912626 (age 9339.324s) + hex dump (first 32 bytes): + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + backtrace: + [<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0 + [<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178 + [<00000000633bd154>] tracing_map_init+0x1f8/0x268 + [<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0 + [<00000000bf8520ed>] trigger_process_regex+0xd4/0x128 + [<00000000f549355a>] event_trigger_write+0x7c/0x120 + [<00000000b80f898d>] vfs_write+0xc4/0x380 + [<00000000823e1055>] ksys_write+0x74/0xf8 + [<000000008a9374aa>] __arm64_sys_write+0x24/0x30 + [<0000000087124017>] do_el0_svc+0x88/0x1c0 + [<00000000efd0dcd1>] el0_svc+0x1c/0x28 + [<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0 + [<00000000e7399680>] el0_sync+0x148/0x180 +unreferenced object 0xffff0000c7ea4980 (size 128): + comm "bash", pid 338, jiffies 4294912626 (age 9339.324s) + hex dump (first 32 bytes): + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + backtrace: + [<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0 + [<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178 + [<00000000633bd154>] tracing_map_init+0x1f8/0x268 + [<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0 + [<00000000bf8520ed>] trigger_process_regex+0xd4/0x128 + [<00000000f549355a>] event_trigger_write+0x7c/0x120 + [<00000000b80f898d>] vfs_write+0xc4/0x380 + [<00000000823e1055>] ksys_write+0x74/0xf8 + [<000000008a9374aa>] __arm64_sys_write+0x24/0x30 + [<0000000087124017>] do_el0_svc+0x88/0x1c0 + [<00000000efd0dcd1>] el0_svc+0x1c/0x28 + [<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0 + [<00000000e7399680>] el0_sync+0x148/0x180 + +The reason is elts->pages[i] is alloced by get_zeroed_page. +and kmemleak will not scan the area alloced by get_zeroed_page. +The address stored in elts->pages will be regarded as leaked. + +That is, the elts->pages[i] will have pointers loaded onto it as well, and +without telling kmemleak about it, those pointers will look like memory +without a reference. + +To fix this, call kmemleak_alloc to tell kmemleak to scan elts->pages[i] + +Link: https://lkml.kernel.org/r/20211124140801.87121-1-chenjun102@huawei.com + +Signed-off-by: Chen Jun +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Sasha Levin +--- + kernel/trace/tracing_map.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c +index 10657b8dc2c2d..83c2a0598c648 100644 +--- a/kernel/trace/tracing_map.c ++++ b/kernel/trace/tracing_map.c +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + + #include "tracing_map.h" + #include "trace.h" +@@ -307,6 +308,7 @@ void tracing_map_array_free(struct tracing_map_array *a) + for (i = 0; i < a->n_pages; i++) { + if (!a->pages[i]) + break; ++ kmemleak_free(a->pages[i]); + free_page((unsigned long)a->pages[i]); + } + +@@ -342,6 +344,7 @@ struct tracing_map_array *tracing_map_array_alloc(unsigned int n_elts, + a->pages[i] = (void *)get_zeroed_page(GFP_KERNEL); + if (!a->pages[i]) + goto free; ++ kmemleak_alloc(a->pages[i], PAGE_SIZE, 1, GFP_KERNEL); + } + out: + return a; +-- +2.33.0 + -- 2.47.2