From b52b6923a6b8283dded9d4bcf21c99fed65729fc Mon Sep 17 00:00:00 2001
From: Sasha Levin
Date: Thu, 30 Mar 2023 07:12:59 -0400
Subject: [PATCH] Fixes for 5.4

Signed-off-by: Sasha Levin
---
 ...-branch-condition-evaluates-to-a-gar.patch | 44 +++++++++++
 ...ror-handling-when-afbcd.ops-init-fai.patch | 79 +++++++++++++++++++
 ...ssing-component-unbind-on-bind-error.patch | 65 +++++++++++++++
 ...rop-pagecache-at-end-of-fs_ioc_enabl.patch | 73 +++++++++++++++++
 queue-5.4/series | 4 +
 5 files changed, 265 insertions(+)
 create mode 100644 queue-5.4/bus-imx-weim-fix-branch-condition-evaluates-to-a-gar.patch
 create mode 100644 queue-5.4/drm-meson-fix-error-handling-when-afbcd.ops-init-fai.patch
 create mode 100644 queue-5.4/drm-meson-fix-missing-component-unbind-on-bind-error.patch
 create mode 100644 queue-5.4/fsverity-don-t-drop-pagecache-at-end-of-fs_ioc_enabl.patch

diff --git a/queue-5.4/bus-imx-weim-fix-branch-condition-evaluates-to-a-gar.patch b/queue-5.4/bus-imx-weim-fix-branch-condition-evaluates-to-a-gar.patch
new file mode 100644
index 00000000000..a80d49aa593
--- /dev/null
+++ b/queue-5.4/bus-imx-weim-fix-branch-condition-evaluates-to-a-gar.patch
@@ -0,0 +1,44 @@
+From 981bc003a8fefa795cc15e0fd5899b63b1686894 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 6 Mar 2023 16:25:26 +0300
+Subject: bus: imx-weim: fix branch condition evaluates to a garbage value
+
+From: Ivan Bornyakov
+
+[ Upstream commit 1adab2922c58e7ff4fa9f0b43695079402cce876 ]
+
+If bus type is other than imx50_weim_devtype and have no child devices,
+variable 'ret' in function weim_parse_dt() will not be initialized, but
+will be used as branch condition and return value. Fix this by
+initializing 'ret' with 0.
+
+This was discovered with help of clang-analyzer, but the situation is
+quite possible in real life.
+
+Fixes: 52c47b63412b ("bus: imx-weim: improve error handling upon child probe-failure")
+Signed-off-by: Ivan Bornyakov
+Cc: stable@vger.kernel.org
+Reviewed-by: Fabio Estevam
+Signed-off-by: Shawn Guo
+Signed-off-by: Sasha Levin
+---
+ drivers/bus/imx-weim.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/bus/imx-weim.c b/drivers/bus/imx-weim.c
+index 28bb65a5613fd..201767823edb5 100644
+--- a/drivers/bus/imx-weim.c
++++ b/drivers/bus/imx-weim.c
+@@ -192,8 +192,8 @@ static int weim_parse_dt(struct platform_device *pdev, void __iomem *base)
+ const struct of_device_id *of_id = of_match_device(weim_id_table,
+ &pdev->dev);
+ const struct imx_weim_devtype *devtype = of_id->data;
++ int ret = 0, have_child = 0;
+ struct device_node *child;
+- int ret, have_child = 0;
+ struct cs_timing_state ts = {};
+ u32 reg;
+
+-- 
+2.39.2
+
diff --git a/queue-5.4/drm-meson-fix-error-handling-when-afbcd.ops-init-fai.patch b/queue-5.4/drm-meson-fix-error-handling-when-afbcd.ops-init-fai.patch
new file mode 100644
index 00000000000..559ef124d44
--- /dev/null
+++ b/queue-5.4/drm-meson-fix-error-handling-when-afbcd.ops-init-fai.patch
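Review bot: In the bus-imx-weim patch, `of_id->data` on the context line directly above the changed declaration in `weim_parse_dt()` dereferences the result of `of_match_device()` with no NULL check, and the `ret = 0` fix leaves that untouched. This is probably unreachable on an ordinary device-tree probe, but it would fault if the driver were ever bound to a device that has no matching OF node. I would fetch the data with `of_device_get_match_data(&pdev->dev)` and return `-EINVAL` when it is NULL. The function body continues outside the hunk, so how `devtype` is used afterwards is not visible here.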
@@ -0,0 +1,79 @@
+From 12bde1764c3e925b3c5a81d4ec8bb117b47cbeaf Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 31 Dec 2021 00:55:15 +0100
+Subject: drm/meson: Fix error handling when afbcd.ops->init fails
+
+From: Martin Blumenstingl
+
+[ Upstream commit fa747d75f65d1b1cbc3f4691fa67b695e8a399c8 ]
+
+When afbcd.ops->init fails we need to free the struct drm_device. Also
+all errors which come after afbcd.ops->init was successful need to exit
+the AFBCD, just like meson_drv_unbind() does.
+
+Fixes: d1b5e41e13a7e9 ("drm/meson: Add AFBCD module driver")
+Signed-off-by: Martin Blumenstingl
+Acked-by: Neil Armstrong
+Signed-off-by: Neil Armstrong
+Link: https://patchwork.freedesktop.org/patch/msgid/20211230235515.1627522-3-martin.blumenstingl@googlemail.com
+Stable-dep-of: ba98413bf45e ("drm/meson: fix missing component unbind on bind errors")
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/meson/meson_drv.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
+index 9a39afc3939bc..1f81ab515876a 100644
+--- a/drivers/gpu/drm/meson/meson_drv.c
++++ b/drivers/gpu/drm/meson/meson_drv.c
+@@ -297,31 +297,31 @@ static int meson_drv_bind_master(struct device *dev, bool has_components)
+
+ ret = meson_venc_cvbs_create(priv);
+ if (ret)
+- goto free_drm;
++ goto exit_afbcd;
+
+ if (has_components) {
+ ret = component_bind_all(drm->dev, drm);
+ if (ret) {
+ dev_err(drm->dev, "Couldn't bind all components\n");
+- goto free_drm;
++ goto exit_afbcd;
+ }
+ }
+
+ ret = meson_plane_create(priv);
+ if (ret)
+- goto free_drm;
++ goto exit_afbcd;
+
+ ret = meson_overlay_create(priv);
+ if (ret)
+- goto free_drm;
++ goto exit_afbcd;
+
+ ret = meson_crtc_create(priv);
+ if (ret)
+- goto free_drm;
++ goto exit_afbcd;
+
+ ret = drm_irq_install(drm, priv->vsync_irq);
+ if (ret)
+- goto free_drm;
++ goto exit_afbcd;
+
+ drm_mode_config_reset(drm);
+
+@@ -339,6 +339,9 @@ static int meson_drv_bind_master(struct device *dev, bool has_components)
+
+ uninstall_irq:
+ drm_irq_uninstall(drm);
++exit_afbcd:
++ if (priv->afbcd.ops)
++ priv->afbcd.ops->exit(priv);
+ free_drm:
+ drm_dev_put(drm);
+
+-- 
+2.39.2
+
diff --git a/queue-5.4/drm-meson-fix-missing-component-unbind-on-bind-error.patch b/queue-5.4/drm-meson-fix-missing-component-unbind-on-bind-error.patch
new file mode 100644
index 00000000000..4b18b24c404
--- /dev/null
+++ b/queue-5.4/drm-meson-fix-missing-component-unbind-on-bind-error.patch
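Review bot: The new `exit_afbcd:` label in `meson_drv_bind_master()` dereferences `priv->afbcd.ops`, yet no hunk in this backport touches an `afbcd.ops->init()` call site, although the commit message names the init-failure path as the thing being fixed. The diffstat (9 insertions, 6 deletions) is fully accounted for by the six `goto` retargets plus the three label lines, so the init-failure half of the described change appears to be absent here. Please confirm that the 5.4 tree actually contains the AFBCD support named in the Fixes: tag (d1b5e41e13a7e9); if it does not, `priv->afbcd` will not exist and this patch will not build, nor will the drm-meson-fix-missing-component-unbind patch that is stacked on top of it. The function body starts and ends outside both hunks.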
@@ -0,0 +1,65 @@
+From ad280f8ae51fae13ee6ec4a17764da73b7c417dc Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 6 Mar 2023 11:35:33 +0100
+Subject: drm/meson: fix missing component unbind on bind errors
+
+From: Johan Hovold
+
+[ Upstream commit ba98413bf45edbf33672e2539e321b851b2cfbd1 ]
+
+Make sure to unbind all subcomponents when binding the aggregate device
+fails.
+
+Fixes: a41e82e6c457 ("drm/meson: Add support for components")
+Cc: stable@vger.kernel.org # 4.12
+Cc: Neil Armstrong
+Signed-off-by: Johan Hovold
+Acked-by: Neil Armstrong
+Signed-off-by: Neil Armstrong
+Link: https://patchwork.freedesktop.org/patch/msgid/20230306103533.4915-1-johan+linaro@kernel.org
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/meson/meson_drv.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
+index 1f81ab515876a..29ee2f9ab16bc 100644
+--- a/drivers/gpu/drm/meson/meson_drv.c
++++ b/drivers/gpu/drm/meson/meson_drv.c
+@@ -309,19 +309,19 @@ static int meson_drv_bind_master(struct device *dev, bool has_components)
+
+ ret = meson_plane_create(priv);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ ret = meson_overlay_create(priv);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ ret = meson_crtc_create(priv);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ ret = drm_irq_install(drm, priv->vsync_irq);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ drm_mode_config_reset(drm);
+
+@@ -339,6 +339,9 @@ static int meson_drv_bind_master(struct device *dev, bool has_components)
+
+ uninstall_irq:
+ drm_irq_uninstall(drm);
++unbind_all:
++ if (has_components)
++ component_unbind_all(drm->dev, drm);
+ exit_afbcd:
+ if (priv->afbcd.ops)
+ priv->afbcd.ops->exit(priv);
+-- 
+2.39.2
+
diff --git a/queue-5.4/fsverity-don-t-drop-pagecache-at-end-of-fs_ioc_enabl.patch b/queue-5.4/fsverity-don-t-drop-pagecache-at-end-of-fs_ioc_enabl.patch
new file mode 100644
index 00000000000..c79217599b8
--- /dev/null
+++ b/queue-5.4/fsverity-don-t-drop-pagecache-at-end-of-fs_ioc_enabl.patch
@@ -0,0 +1,73 @@
+From 2d9d9c22afe9e7253d6126536a1ecc296f4dde31 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 14 Mar 2023 16:31:32 -0700
+Subject: fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
+
+From: Eric Biggers
+
+[ Upstream commit a075bacde257f755bea0e53400c9f1cdd1b8e8e6 ]
+
+The full pagecache drop at the end of FS_IOC_ENABLE_VERITY is causing
+performance problems and is hindering adoption of fsverity. It was
+intended to solve a race condition where unverified pages might be left
+in the pagecache. But actually it doesn't solve it fully.
+
+Since the incomplete solution for this race condition has too much
+performance impact for it to be worth it, let's remove it for now.
+
+Fixes: 3fda4c617e84 ("fs-verity: implement FS_IOC_ENABLE_VERITY ioctl")
+Cc: stable@vger.kernel.org
+Reviewed-by: Victor Hsieh
+Link: https://lore.kernel.org/r/20230314235332.50270-1-ebiggers@kernel.org
+Signed-off-by: Eric Biggers
+Signed-off-by: Sasha Levin
+---
+ fs/verity/enable.c | 24 +++++++++++++-----------
+ 1 file changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/fs/verity/enable.c b/fs/verity/enable.c
+index 1370bfd17e870..39459b1eff752 100644
+--- a/fs/verity/enable.c
++++ b/fs/verity/enable.c
+@@ -350,25 +350,27 @@ int fsverity_ioctl_enable(struct file *filp, const void __user *uarg)
+ goto out_drop_write;
+
+ err = enable_verity(filp, &arg);
+- if (err)
+- goto out_allow_write_access;
+
+ /*
+- * Some pages of the file may have been evicted from pagecache after
+- * being used in the Merkle tree construction, then read into pagecache
+- * again by another process reading from the file concurrently. Since
+- * these pages didn't undergo verification against the file measurement
+- * which fs-verity now claims to be enforcing, we have to wipe the
+- * pagecache to ensure that all future reads are verified.
++ * We no longer drop the inode's pagecache after enabling verity. This
++ * used to be done to try to avoid a race condition where pages could be
++ * evicted after being used in the Merkle tree construction, then
++ * re-instantiated by a concurrent read. Such pages are unverified, and
++ * the backing storage could have filled them with different content, so
++ * they shouldn't be used to fulfill reads once verity is enabled.
++ *
++ * But, dropping the pagecache has a big performance impact, and it
++ * doesn't fully solve the race condition anyway. So for those reasons,
++ * and also because this race condition isn't very important relatively
++ * speaking (especially for small-ish files, where the chance of a page
++ * being used, evicted, *and* re-instantiated all while enabling verity
++ * is quite small), we no longer drop the inode's pagecache.
+ */
+- filemap_write_and_wait(inode->i_mapping);
+- invalidate_inode_pages2(inode->i_mapping);
+
+ /*
+ * allow_write_access() is needed to pair with deny_write_access().
+ * Regardless, the filesystem won't allow writing to verity files.
+ */
+-out_allow_write_access:
+ allow_write_access(filp);
+ out_drop_write:
+ mnt_drop_write_file(filp);
+-- 
+2.39.2
+
diff --git a/queue-5.4/series b/queue-5.4/series
index 03b0e45f629..5f38e53f547 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -57,3 +57,7 @@ sched-fair-sanitize-vruntime-of-entity-being-placed.patch
 sched-fair-sanitize-vruntime-of-entity-being-migrated.patch
 tun-avoid-double-free-in-tun_free_netdev.patch
 ocfs2-fix-data-corruption-after-failed-write.patch
+fsverity-don-t-drop-pagecache-at-end-of-fs_ioc_enabl.patch
+bus-imx-weim-fix-branch-condition-evaluates-to-a-gar.patch
+drm-meson-fix-error-handling-when-afbcd.ops-init-fai.patch
+drm-meson-fix-missing-component-unbind-on-bind-error.patch
-- 
2.47.3
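Review bot: In the fsverity patch, the rewritten comment in `fsverity_ioctl_enable()` explains why the pagecache drop was removed but never says what guarantee is left. With `filemap_write_and_wait()` and `invalidate_inode_pages2()` gone, a page that was evicted and re-read during the enable can stay cached and be served without verification, which is an integrity trade-off accepted for performance. I would state the residual exposure in the comment itself, for example `* Callers that need a strict guarantee should avoid concurrent reads of the file while FS_IOC_ENABLE_VERITY runs.`, a wording inferred from the race as the comment describes it. Dropping `if (err) goto out_allow_write_access;` also relies on `err` still being returned after the cleanup labels, which lie outside the hunk.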