From f9b5c2dbd915768e4e671977f733987699248923 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 3 Mar 2023 16:57:57 +0100
Subject: [PATCH] 6.1-stable patches

added patches:
	hid-asus-use-spinlock-to-protect-concurrent-accesses.patch
	hid-asus-use-spinlock-to-safely-schedule-workers.patch
	powerpc-mm-rearrange-if-else-block-to-avoid-clang-warning.patch
	series
---
 ...nlock-to-protect-concurrent-accesses.patch | 98 +++++++++++++++++++
 ...-spinlock-to-safely-schedule-workers.patch | 62 ++++++++++++
 ...if-else-block-to-avoid-clang-warning.patch | 58 +++++++++++
 queue-6.1/series                              |  3 +
 4 files changed, 221 insertions(+)
 create mode 100644 queue-6.1/hid-asus-use-spinlock-to-protect-concurrent-accesses.patch
 create mode 100644 queue-6.1/hid-asus-use-spinlock-to-safely-schedule-workers.patch
 create mode 100644 queue-6.1/powerpc-mm-rearrange-if-else-block-to-avoid-clang-warning.patch
 create mode 100644 queue-6.1/series

diff --git a/queue-6.1/hid-asus-use-spinlock-to-protect-concurrent-accesses.patch b/queue-6.1/hid-asus-use-spinlock-to-protect-concurrent-accesses.patch
new file mode 100644
index 00000000000..75cbf169f75
--- /dev/null
+++ b/queue-6.1/hid-asus-use-spinlock-to-protect-concurrent-accesses.patch
@@ -0,0 +1,98 @@
+From 315c537068a13f0b5681d33dd045a912f4bece6f Mon Sep 17 00:00:00 2001
+From: Pietro Borrello <borrello@diag.uniroma1.it>
+Date: Sun, 12 Feb 2023 19:00:02 +0000
+Subject: HID: asus: use spinlock to protect concurrent accesses
+
+From: Pietro Borrello <borrello@diag.uniroma1.it>
+
+commit 315c537068a13f0b5681d33dd045a912f4bece6f upstream.
+
+asus driver has a worker that may access data concurrently.
+Proct the accesses using a spinlock.
+
+Fixes: af22a610bc38 ("HID: asus: support backlight on USB keyboards")
+Signed-off-by: Pietro Borrello <borrello@diag.uniroma1.it>
+Link: https://lore.kernel.org/r/20230125-hid-unregister-leds-v4-4-7860c5763c38@diag.uniroma1.it
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hid/hid-asus.c |   22 +++++++++++++++++++++-
+ 1 file changed, 21 insertions(+), 1 deletion(-)
+
+--- a/drivers/hid/hid-asus.c
++++ b/drivers/hid/hid-asus.c
+@@ -98,6 +98,7 @@ struct asus_kbd_leds {
+ 	struct hid_device *hdev;
+ 	struct work_struct work;
+ 	unsigned int brightness;
++	spinlock_t lock;
+ 	bool removed;
+ };
+ 
+@@ -495,7 +496,12 @@ static void asus_kbd_backlight_set(struc
+ {
+ 	struct asus_kbd_leds *led = container_of(led_cdev, struct asus_kbd_leds,
+ 						 cdev);
++	unsigned long flags;
++
++	spin_lock_irqsave(&led->lock, flags);
+ 	led->brightness = brightness;
++	spin_unlock_irqrestore(&led->lock, flags);
++
+ 	schedule_work(&led->work);
+ }
+ 
+@@ -503,8 +509,14 @@ static enum led_brightness asus_kbd_back
+ {
+ 	struct asus_kbd_leds *led = container_of(led_cdev, struct asus_kbd_leds,
+ 						 cdev);
++	enum led_brightness brightness;
++	unsigned long flags;
+ 
+-	return led->brightness;
++	spin_lock_irqsave(&led->lock, flags);
++	brightness = led->brightness;
++	spin_unlock_irqrestore(&led->lock, flags);
++
++	return brightness;
+ }
+ 
+ static void asus_kbd_backlight_work(struct work_struct *work)
+@@ -512,11 +524,14 @@ static void asus_kbd_backlight_work(stru
+ 	struct asus_kbd_leds *led = container_of(work, struct asus_kbd_leds, work);
+ 	u8 buf[] = { FEATURE_KBD_REPORT_ID, 0xba, 0xc5, 0xc4, 0x00 };
+ 	int ret;
++	unsigned long flags;
+ 
+ 	if (led->removed)
+ 		return;
+ 
++	spin_lock_irqsave(&led->lock, flags);
+ 	buf[4] = led->brightness;
++	spin_unlock_irqrestore(&led->lock, flags);
+ 
+ 	ret = asus_kbd_set_report(led->hdev, buf, sizeof(buf));
+ 	if (ret < 0)
+@@ -584,6 +599,7 @@ static int asus_kbd_register_leds(struct
+ 	drvdata->kbd_backlight->cdev.brightness_set = asus_kbd_backlight_set;
+ 	drvdata->kbd_backlight->cdev.brightness_get = asus_kbd_backlight_get;
+ 	INIT_WORK(&drvdata->kbd_backlight->work, asus_kbd_backlight_work);
++	spin_lock_init(&drvdata->kbd_backlight->lock);
+ 
+ 	ret = devm_led_classdev_register(&hdev->dev, &drvdata->kbd_backlight->cdev);
+ 	if (ret < 0) {
+@@ -1119,9 +1135,13 @@ err_stop_hw:
+ static void asus_remove(struct hid_device *hdev)
+ {
+ 	struct asus_drvdata *drvdata = hid_get_drvdata(hdev);
++	unsigned long flags;
+ 
+ 	if (drvdata->kbd_backlight) {
++		spin_lock_irqsave(&drvdata->kbd_backlight->lock, flags);
+ 		drvdata->kbd_backlight->removed = true;
++		spin_unlock_irqrestore(&drvdata->kbd_backlight->lock, flags);
++
+ 		cancel_work_sync(&drvdata->kbd_backlight->work);
+ 	}
+ 
diff --git a/queue-6.1/hid-asus-use-spinlock-to-safely-schedule-workers.patch b/queue-6.1/hid-asus-use-spinlock-to-safely-schedule-workers.patch
new file mode 100644
index 00000000000..832008ac6fd
--- /dev/null
+++ b/queue-6.1/hid-asus-use-spinlock-to-safely-schedule-workers.patch
@@ -0,0 +1,62 @@
+From 4ab3a086d10eeec1424f2e8a968827a6336203df Mon Sep 17 00:00:00 2001
+From: Pietro Borrello <borrello@diag.uniroma1.it>
+Date: Sun, 12 Feb 2023 19:00:03 +0000
+Subject: HID: asus: use spinlock to safely schedule workers
+
+From: Pietro Borrello <borrello@diag.uniroma1.it>
+
+commit 4ab3a086d10eeec1424f2e8a968827a6336203df upstream.
+
+Use spinlocks to deal with workers introducing a wrapper
+asus_schedule_work(), and several spinlock checks.
+Otherwise, asus_kbd_backlight_set() may schedule led->work after the
+structure has been freed, causing a use-after-free.
+
+Fixes: af22a610bc38 ("HID: asus: support backlight on USB keyboards")
+Signed-off-by: Pietro Borrello <borrello@diag.uniroma1.it>
+Link: https://lore.kernel.org/r/20230125-hid-unregister-leds-v4-5-7860c5763c38@diag.uniroma1.it
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hid/hid-asus.c |   15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+--- a/drivers/hid/hid-asus.c
++++ b/drivers/hid/hid-asus.c
+@@ -491,6 +491,16 @@ static int rog_nkey_led_init(struct hid_
+ 	return ret;
+ }
+ 
++static void asus_schedule_work(struct asus_kbd_leds *led)
++{
++	unsigned long flags;
++
++	spin_lock_irqsave(&led->lock, flags);
++	if (!led->removed)
++		schedule_work(&led->work);
++	spin_unlock_irqrestore(&led->lock, flags);
++}
++
+ static void asus_kbd_backlight_set(struct led_classdev *led_cdev,
+ 				   enum led_brightness brightness)
+ {
+@@ -502,7 +512,7 @@ static void asus_kbd_backlight_set(struc
+ 	led->brightness = brightness;
+ 	spin_unlock_irqrestore(&led->lock, flags);
+ 
+-	schedule_work(&led->work);
++	asus_schedule_work(led);
+ }
+ 
+ static enum led_brightness asus_kbd_backlight_get(struct led_classdev *led_cdev)
+@@ -526,9 +536,6 @@ static void asus_kbd_backlight_work(stru
+ 	int ret;
+ 	unsigned long flags;
+ 
+-	if (led->removed)
+-		return;
+-
+ 	spin_lock_irqsave(&led->lock, flags);
+ 	buf[4] = led->brightness;
+ 	spin_unlock_irqrestore(&led->lock, flags);
diff --git a/queue-6.1/powerpc-mm-rearrange-if-else-block-to-avoid-clang-warning.patch b/queue-6.1/powerpc-mm-rearrange-if-else-block-to-avoid-clang-warning.patch
new file mode 100644
index 00000000000..bafc07f1c4c
--- /dev/null
+++ b/queue-6.1/powerpc-mm-rearrange-if-else-block-to-avoid-clang-warning.patch
@@ -0,0 +1,58 @@
+From d78c8e32890ef7eca79ffd67c96022c7f9d8cce4 Mon Sep 17 00:00:00 2001
+From: Anders Roxell <anders.roxell@linaro.org>
+Date: Wed, 10 Aug 2022 13:43:18 +0200
+Subject: powerpc/mm: Rearrange if-else block to avoid clang warning
+
+From: Anders Roxell <anders.roxell@linaro.org>
+
+commit d78c8e32890ef7eca79ffd67c96022c7f9d8cce4 upstream.
+
+Clang warns:
+
+  arch/powerpc/mm/book3s64/radix_tlb.c:1191:23: error: variable 'hstart' is uninitialized when used here
+    __tlbiel_va_range(hstart, hend, pid,
+                      ^~~~~~
+  arch/powerpc/mm/book3s64/radix_tlb.c:1191:31: error: variable 'hend' is uninitialized when used here
+    __tlbiel_va_range(hstart, hend, pid,
+                              ^~~~
+
+Rework the 'if (IS_ENABLE(CONFIG_TRANSPARENT_HUGEPAGE))' so hstart/hend
+is always initialized to silence the warnings. That will also simplify
+the 'else' path. Clang is getting confused with these warnings, but the
+warnings is a false-positive.
+
+Suggested-by: Arnd Bergmann <arnd@arndb.de>
+Suggested-by: Nathan Chancellor <nathan@kernel.org>
+Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
+Reviewed-by: Nathan Chancellor <nathan@kernel.org>
+Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20220810114318.3220630-1-anders.roxell@linaro.org
+Signed-off-by: Daniel DÃ­az <daniel.diaz@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/mm/book3s64/radix_tlb.c |   11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+--- a/arch/powerpc/mm/book3s64/radix_tlb.c
++++ b/arch/powerpc/mm/book3s64/radix_tlb.c
+@@ -1179,15 +1179,12 @@ static inline void __radix__flush_tlb_ra
+ 			}
+ 		}
+ 	} else {
+-		bool hflush = false;
++		bool hflush;
+ 		unsigned long hstart, hend;
+ 
+-		if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE)) {
+-			hstart = (start + PMD_SIZE - 1) & PMD_MASK;
+-			hend = end & PMD_MASK;
+-			if (hstart < hend)
+-				hflush = true;
+-		}
++		hstart = (start + PMD_SIZE - 1) & PMD_MASK;
++		hend = end & PMD_MASK;
++		hflush = IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE) && hstart < hend;
+ 
+ 		if (type == FLUSH_TYPE_LOCAL) {
+ 			asm volatile("ptesync": : :"memory");
diff --git a/queue-6.1/series b/queue-6.1/series
new file mode 100644
index 00000000000..5c7ab7bf849
--- /dev/null
+++ b/queue-6.1/series
@@ -0,0 +1,3 @@
+hid-asus-use-spinlock-to-protect-concurrent-accesses.patch
+hid-asus-use-spinlock-to-safely-schedule-workers.patch
+powerpc-mm-rearrange-if-else-block-to-avoid-clang-warning.patch
-- 
2.47.3