From 8493b2039ba455303ce9557541cb0c6eedbd3d10 Mon Sep 17 00:00:00 2001
From: Sasha Levin <sashal@kernel.org>
Date: Mon, 13 Jun 2022 01:20:47 -0400
Subject: [PATCH] Fixes for 5.4

Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 ...-change-kernel-config-dumping-method.patch | 43 +++++++++++++
 queue-5.4/series                              |  2 +
 ...descriptors-check-in-the-indirect-ca.patch | 63 +++++++++++++++++++
 3 files changed, 108 insertions(+)
 create mode 100644 queue-5.4/scripts-gdb-change-kernel-config-dumping-method.patch
 create mode 100644 queue-5.4/vringh-fix-loop-descriptors-check-in-the-indirect-ca.patch

diff --git a/queue-5.4/scripts-gdb-change-kernel-config-dumping-method.patch b/queue-5.4/scripts-gdb-change-kernel-config-dumping-method.patch
new file mode 100644
index 00000000000..c688bf6b580
--- /dev/null
+++ b/queue-5.4/scripts-gdb-change-kernel-config-dumping-method.patch
@@ -0,0 +1,43 @@
+From c47ba421084db4aebc34419ff541be35ac0a7681 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 10 Jun 2022 15:14:57 +0800
+Subject: scripts/gdb: change kernel config dumping method
+
+From: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
+
+[ Upstream commit 1f7a6cf6b07c74a17343c2559cd5f5018a245961 ]
+
+MAGIC_START("IKCFG_ST") and MAGIC_END("IKCFG_ED") are moved out
+from the kernel_config_data variable.
+
+Thus, we parse kernel_config_data directly instead of considering
+offset of MAGIC_START and MAGIC_END.
+
+Fixes: 13610aa908dc ("kernel/configs: use .incbin directive to embed config_data.gz")
+Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ scripts/gdb/linux/config.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/scripts/gdb/linux/config.py b/scripts/gdb/linux/config.py
+index 90e1565b1967..8843ab3cbadd 100644
+--- a/scripts/gdb/linux/config.py
++++ b/scripts/gdb/linux/config.py
+@@ -24,9 +24,9 @@ class LxConfigDump(gdb.Command):
+             filename = arg
+ 
+         try:
+-            py_config_ptr = gdb.parse_and_eval("kernel_config_data + 8")
+-            py_config_size = gdb.parse_and_eval(
+-                    "sizeof(kernel_config_data) - 1 - 8 * 2")
++            py_config_ptr = gdb.parse_and_eval("&kernel_config_data")
++            py_config_ptr_end = gdb.parse_and_eval("&kernel_config_data_end")
++            py_config_size = py_config_ptr_end - py_config_ptr
+         except gdb.error as e:
+             raise gdb.GdbError("Can't find config, enable CONFIG_IKCONFIG?")
+ 
+-- 
+2.35.1
+
diff --git a/queue-5.4/series b/queue-5.4/series
index f04a59d613f..dd6fd3c813d 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -396,3 +396,5 @@ nbd-fix-io-hung-while-disconnecting-device.patch
 s390-gmap-voluntarily-schedule-during-key-setting.patch
 cifs-version-operations-for-smb20-unneeded-when-lega.patch
 nodemask-fix-return-values-to-be-unsigned.patch
+vringh-fix-loop-descriptors-check-in-the-indirect-ca.patch
+scripts-gdb-change-kernel-config-dumping-method.patch
diff --git a/queue-5.4/vringh-fix-loop-descriptors-check-in-the-indirect-ca.patch b/queue-5.4/vringh-fix-loop-descriptors-check-in-the-indirect-ca.patch
new file mode 100644
index 00000000000..03becff5f2b
--- /dev/null
+++ b/queue-5.4/vringh-fix-loop-descriptors-check-in-the-indirect-ca.patch
@@ -0,0 +1,63 @@
+From e2015078c597ae13114674f6975a000c69bace82 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 5 May 2022 18:09:10 +0800
+Subject: vringh: Fix loop descriptors check in the indirect cases
+
+From: Xie Yongji <xieyongji@bytedance.com>
+
+[ Upstream commit dbd29e0752286af74243cf891accf472b2f3edd8 ]
+
+We should use size of descriptor chain to test loop condition
+in the indirect case. And another statistical count is also introduced
+for indirect descriptors to avoid conflict with the statistical count
+of direct descriptors.
+
+Fixes: f87d0fbb5798 ("vringh: host-side implementation of virtio rings.")
+Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
+Signed-off-by: Fam Zheng <fam.zheng@bytedance.com>
+Message-Id: <20220505100910.137-1-xieyongji@bytedance.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/vhost/vringh.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
+index 4653de001e26..264cbe385a63 100644
+--- a/drivers/vhost/vringh.c
++++ b/drivers/vhost/vringh.c
+@@ -264,7 +264,7 @@ __vringh_iov(struct vringh *vrh, u16 i,
+ 	     gfp_t gfp,
+ 	     int (*copy)(void *dst, const void *src, size_t len))
+ {
+-	int err, count = 0, up_next, desc_max;
++	int err, count = 0, indirect_count = 0, up_next, desc_max;
+ 	struct vring_desc desc, *descs;
+ 	struct vringh_range range = { -1ULL, 0 }, slowrange;
+ 	bool slow = false;
+@@ -321,7 +321,12 @@ __vringh_iov(struct vringh *vrh, u16 i,
+ 			continue;
+ 		}
+ 
+-		if (count++ == vrh->vring.num) {
++		if (up_next == -1)
++			count++;
++		else
++			indirect_count++;
++
++		if (count > vrh->vring.num || indirect_count > desc_max) {
+ 			vringh_bad("Descriptor loop in %p", descs);
+ 			err = -ELOOP;
+ 			goto fail;
+@@ -383,6 +388,7 @@ __vringh_iov(struct vringh *vrh, u16 i,
+ 				i = return_from_indirect(vrh, &up_next,
+ 							 &descs, &desc_max);
+ 				slow = false;
++				indirect_count = 0;
+ 			} else
+ 				break;
+ 		}
+-- 
+2.35.1
+
-- 
2.47.3