From 6bfeb1dba0d5f8c27f6231bea6050301b1d6d9f1 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Wed, 1 Feb 2023 11:41:55 -0500 Subject: [PATCH] Fixes for 5.4 Signed-off-by: Sasha Levin --- ...ts-imx-fix-pca9547-i2c-mux-node-name.patch | 43 +++++++++++++ ...issing-pd_online_fn-while-activating.patch | 39 ++++++++++++ ...ask-with-pid-1-in-send_signal_common.patch | 61 +++++++++++++++++++ ...ma-fix-a-possible-memory-leak-in-sdm.patch | 49 +++++++++++++++ queue-5.4/series | 4 ++ 5 files changed, 196 insertions(+) create mode 100644 queue-5.4/arm-dts-imx-fix-pca9547-i2c-mux-node-name.patch create mode 100644 queue-5.4/blk-cgroup-fix-missing-pd_online_fn-while-activating.patch create mode 100644 queue-5.4/bpf-skip-task-with-pid-1-in-send_signal_common.patch create mode 100644 queue-5.4/dmaengine-imx-sdma-fix-a-possible-memory-leak-in-sdm.patch diff --git a/queue-5.4/arm-dts-imx-fix-pca9547-i2c-mux-node-name.patch b/queue-5.4/arm-dts-imx-fix-pca9547-i2c-mux-node-name.patch new file mode 100644 index 00000000000..ba245289990 --- /dev/null +++ b/queue-5.4/arm-dts-imx-fix-pca9547-i2c-mux-node-name.patch @@ -0,0 +1,43 @@ +From 25debe82536b99bdcfb357daa4fab3a9cd6cec86 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Dec 2022 17:49:18 +0100 +Subject: ARM: dts: imx: Fix pca9547 i2c-mux node name + +From: Geert Uytterhoeven + +[ Upstream commit f78985f9f58380eec37f82c8a2c765aa7670fc29 ] + +"make dtbs_check": + + arch/arm/boot/dts/imx53-ppd.dtb: i2c-switch@70: $nodename:0: 'i2c-switch@70' does not match '^(i2c-?)?mux' + From schema: Documentation/devicetree/bindings/i2c/i2c-mux-pca954x.yaml + arch/arm/boot/dts/imx53-ppd.dtb: i2c-switch@70: Unevaluated properties are not allowed ('#address-cells', '#size-cells', 'i2c@0', 'i2c@1', 'i2c@2', 'i2c@3', 'i2c@4', 'i2c@5', 'i2c@6', 'i2c@7' were unexpected) + From schema: Documentation/devicetree/bindings/i2c/i2c-mux-pca954x.yaml + +Fix this by renaming the PCA9547 node to "i2c-mux", to match the I2C bus +multiplexer/switch DT bindings and the Generic Names Recommendation in +the Devicetree Specification. + +Signed-off-by: Geert Uytterhoeven +Signed-off-by: Shawn Guo +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/imx53-ppd.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm/boot/dts/imx53-ppd.dts b/arch/arm/boot/dts/imx53-ppd.dts +index c80d1700e094..c01dc571b55c 100644 +--- a/arch/arm/boot/dts/imx53-ppd.dts ++++ b/arch/arm/boot/dts/imx53-ppd.dts +@@ -461,7 +461,7 @@ &i2c1 { + scl-gpios = <&gpio3 21 GPIO_ACTIVE_HIGH>; + status = "okay"; + +- i2c-switch@70 { ++ i2c-mux@70 { + compatible = "nxp,pca9547"; + #address-cells = <1>; + #size-cells = <0>; +-- +2.39.0 + diff --git a/queue-5.4/blk-cgroup-fix-missing-pd_online_fn-while-activating.patch b/queue-5.4/blk-cgroup-fix-missing-pd_online_fn-while-activating.patch new file mode 100644 index 00000000000..aa5a1811cc2 --- /dev/null +++ b/queue-5.4/blk-cgroup-fix-missing-pd_online_fn-while-activating.patch @@ -0,0 +1,39 @@ +From 215898832511a9459c12cddf72bacadbff9556aa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 3 Jan 2023 19:28:33 +0800 +Subject: blk-cgroup: fix missing pd_online_fn() while activating policy + +From: Yu Kuai + +[ Upstream commit e3ff8887e7db757360f97634e0d6f4b8e27a8c46 ] + +If the policy defines pd_online_fn(), it should be called after +pd_init_fn(), like blkg_create(). + +Signed-off-by: Yu Kuai +Acked-by: Tejun Heo +Link: https://lore.kernel.org/r/20230103112833.2013432-1-yukuai1@huaweicloud.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + block/blk-cgroup.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c +index dde8d0acfb34..cd085a0e5e4a 100644 +--- a/block/blk-cgroup.c ++++ b/block/blk-cgroup.c +@@ -1445,6 +1445,10 @@ int blkcg_activate_policy(struct request_queue *q, + list_for_each_entry_reverse(blkg, &q->blkg_list, q_node) + pol->pd_init_fn(blkg->pd[pol->plid]); + ++ if (pol->pd_online_fn) ++ list_for_each_entry_reverse(blkg, &q->blkg_list, q_node) ++ pol->pd_online_fn(blkg->pd[pol->plid]); ++ + __set_bit(pol->plid, q->blkcg_pols); + ret = 0; + +-- +2.39.0 + diff --git a/queue-5.4/bpf-skip-task-with-pid-1-in-send_signal_common.patch b/queue-5.4/bpf-skip-task-with-pid-1-in-send_signal_common.patch new file mode 100644 index 00000000000..2fd7294dddf --- /dev/null +++ b/queue-5.4/bpf-skip-task-with-pid-1-in-send_signal_common.patch @@ -0,0 +1,61 @@ +From bef288f83c39e7cadcfddf06e580a0c5f5b30dfb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 6 Jan 2023 16:48:38 +0800 +Subject: bpf: Skip task with pid=1 in send_signal_common() + +From: Hao Sun + +[ Upstream commit a3d81bc1eaef48e34dd0b9b48eefed9e02a06451 ] + +The following kernel panic can be triggered when a task with pid=1 attaches +a prog that attempts to send killing signal to itself, also see [1] for more +details: + + Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b + CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148 + Call Trace: + + __dump_stack lib/dump_stack.c:88 [inline] + dump_stack_lvl+0x100/0x178 lib/dump_stack.c:106 + panic+0x2c4/0x60f kernel/panic.c:275 + do_exit.cold+0x63/0xe4 kernel/exit.c:789 + do_group_exit+0xd4/0x2a0 kernel/exit.c:950 + get_signal+0x2460/0x2600 kernel/signal.c:2858 + arch_do_signal_or_restart+0x78/0x5d0 arch/x86/kernel/signal.c:306 + exit_to_user_mode_loop kernel/entry/common.c:168 [inline] + exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203 + __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] + syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296 + do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86 + entry_SYSCALL_64_after_hwframe+0x63/0xcd + +So skip task with pid=1 in bpf_send_signal_common() to avoid the panic. + + [1] https://lore.kernel.org/bpf/20221222043507.33037-1-sunhao.th@gmail.com + +Signed-off-by: Hao Sun +Signed-off-by: Daniel Borkmann +Acked-by: Stanislav Fomichev +Link: https://lore.kernel.org/bpf/20230106084838.12690-1-sunhao.th@gmail.com +Signed-off-by: Sasha Levin +--- + kernel/trace/bpf_trace.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c +index 4d9f81802911..1e1345cd21b4 100644 +--- a/kernel/trace/bpf_trace.c ++++ b/kernel/trace/bpf_trace.c +@@ -649,6 +649,9 @@ BPF_CALL_1(bpf_send_signal, u32, sig) + return -EPERM; + if (unlikely(!nmi_uaccess_okay())) + return -EPERM; ++ /* Task should not be pid=1 to avoid kernel panic. */ ++ if (unlikely(is_global_init(current))) ++ return -EPERM; + + if (irqs_disabled()) { + /* Do an early check on signal validity. Otherwise, +-- +2.39.0 + diff --git a/queue-5.4/dmaengine-imx-sdma-fix-a-possible-memory-leak-in-sdm.patch b/queue-5.4/dmaengine-imx-sdma-fix-a-possible-memory-leak-in-sdm.patch new file mode 100644 index 00000000000..cc01740555f --- /dev/null +++ b/queue-5.4/dmaengine-imx-sdma-fix-a-possible-memory-leak-in-sdm.patch @@ -0,0 +1,49 @@ +From b092fc52b3b9e5aff41c26bcd7d4b926a2affd55 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Nov 2022 17:08:00 +0800 +Subject: dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init + +From: Hui Wang + +[ Upstream commit 1417f59ac0b02130ee56c0c50794b9b257be3d17 ] + +If the function sdma_load_context() fails, the sdma_desc will be +freed, but the allocated desc->bd is forgot to be freed. + +We already met the sdma_load_context() failure case and the log as +below: +[ 450.699064] imx-sdma 30bd0000.dma-controller: Timeout waiting for CH0 ready +... + +In this case, the desc->bd will not be freed without this change. + +Signed-off-by: Hui Wang +Reviewed-by: Sascha Hauer +Link: https://lore.kernel.org/r/20221130090800.102035-1-hui.wang@canonical.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/imx-sdma.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/dma/imx-sdma.c b/drivers/dma/imx-sdma.c +index 8ec7a7041e84..8dbff2f6c3b8 100644 +--- a/drivers/dma/imx-sdma.c ++++ b/drivers/dma/imx-sdma.c +@@ -1360,10 +1360,12 @@ static struct sdma_desc *sdma_transfer_init(struct sdma_channel *sdmac, + sdma_config_ownership(sdmac, false, true, false); + + if (sdma_load_context(sdmac)) +- goto err_desc_out; ++ goto err_bd_out; + + return desc; + ++err_bd_out: ++ sdma_free_bd(desc); + err_desc_out: + kfree(desc); + err_out: +-- +2.39.0 + diff --git a/queue-5.4/series b/queue-5.4/series index 9cf4571aa94..19ec5b7d004 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -107,3 +107,7 @@ netfilter-conntrack-unify-established-states-for-sctp-paths.patch perf-x86-amd-fix-potential-integer-overflow-on-shift-of-a-int.patch clk-fix-pointer-casting-to-prevent-oops-in-devm_clk_release.patch x86-asm-fix-an-assembler-warning-with-current-binutils.patch +arm-dts-imx-fix-pca9547-i2c-mux-node-name.patch +bpf-skip-task-with-pid-1-in-send_signal_common.patch +blk-cgroup-fix-missing-pd_online_fn-while-activating.patch +dmaengine-imx-sdma-fix-a-possible-memory-leak-in-sdm.patch -- 2.47.2