--- /dev/null
+From a934d6bd991adc306b92e1a9f993313d952ad4a2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 20 Nov 2023 12:25:56 -1000
+Subject: blk-iocost: Fix an UBSAN shift-out-of-bounds warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Tejun Heo <tj@kernel.org>
+
+[ Upstream commit 2a427b49d02995ea4a6ff93a1432c40fa4d36821 ]
+
+When iocg_kick_delay() is called from a CPU different than the one which set
+the delay, @now may be in the past of @iocg->delay_at leading to the
+following warning:
+
+ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1359:23
+ shift exponent 18446744073709 is too large for 64-bit type 'u64' (aka 'unsigned long long')
+ ...
+ Call Trace:
+ <TASK>
+ dump_stack_lvl+0x79/0xc0
+ __ubsan_handle_shift_out_of_bounds+0x2ab/0x300
+ iocg_kick_delay+0x222/0x230
+ ioc_rqos_merge+0x1d7/0x2c0
+ __rq_qos_merge+0x2c/0x80
+ bio_attempt_back_merge+0x83/0x190
+ blk_attempt_plug_merge+0x101/0x150
+ blk_mq_submit_bio+0x2b1/0x720
+ submit_bio_noacct_nocheck+0x320/0x3e0
+ __swap_writepage+0x2ab/0x9d0
+
+The underflow itself doesn't really affect the behavior in any meaningful
+way; however, the past timestamp may exaggerate the delay amount calculated
+later in the code, which shouldn't be a material problem given the nature of
+the delay mechanism.
+
+If @now is in the past, this CPU is racing another CPU which recently set up
+the delay and there's nothing this CPU can contribute w.r.t. the delay.
+Let's bail early from iocg_kick_delay() in such cases.
+
+Reported-by: Breno Leitão <leitao@debian.org>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Fixes: 5160a5a53c0c ("blk-iocost: implement delay adjustment hysteresis")
+Link: https://lore.kernel.org/r/ZVvc9L_CYk5LO1fT@slm.duckdns.org
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ block/blk-iocost.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/block/blk-iocost.c b/block/blk-iocost.c
+index 089fcb9cfce3..7ee8d85c2c68 100644
+--- a/block/blk-iocost.c
++++ b/block/blk-iocost.c
+@@ -1353,6 +1353,13 @@ static bool iocg_kick_delay(struct ioc_gq *iocg, struct ioc_now *now)
+
+ lockdep_assert_held(&iocg->waitq.lock);
+
++ /*
++ * If the delay is set by another CPU, we may be in the past. No need to
++ * change anything if so. This avoids decay calculation underflow.
++ */
++ if (time_before64(now->now, iocg->delay_at))
++ return false;
++
+ /* calculate the current delay in effect - 1/2 every second */
+ tdelta = now->now - iocg->delay_at;
+ if (iocg->delay)
+--
+2.43.0
+
--- /dev/null
+From e30cad94fa40c07bb3d7c92e6e2cab612291fa44 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 18 Jan 2024 12:48:54 +0100
+Subject: nvme-host: fix the updating of the firmware version
+
+From: Maurizio Lombardi <mlombard@redhat.com>
+
+[ Upstream commit f0377ff97509f5a4921993d5d61da000361bd884 ]
+
+The original code didn't update the firmware version if the
+"next slot" of the AFI register isn't zero or if the
+"current slot" field is zero; in those cases it assumed
+that a reset was needed.
+
+However, the NVMe specification doesn't exclude the possibility that
+the "next slot" value is equal to the "current slot" value,
+meaning that the same firmware slot will be activated after performing
+a controller level reset; in this case a reset is clearly not
+necessary and we can safely update the firmware version.
+
+Modify the code so the kernel will report that a Controller Level Reset
+is needed only in the following cases:
+
+1) If the "current slot" field is zero. This is invalid and means that
+ something is wrong, a reset is needed.
+
+or
+
+2) if the "next slot" field isn't zero AND it's not equal to the
+ "current slot" value. This means that at the next reset a different
+ firmware slot will be activated.
+
+Fixes: 983a338b96c8 ("nvme: update firmware version after commit")
+Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
+Reviewed-by: Daniel Wagner <dwagner@suse.de>
+Signed-off-by: Keith Busch <kbusch@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvme/host/core.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
+index 60f14019f981..86149275ccb8 100644
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -4107,6 +4107,7 @@ static bool nvme_ctrl_pp_status(struct nvme_ctrl *ctrl)
+ static void nvme_get_fw_slot_info(struct nvme_ctrl *ctrl)
+ {
+ struct nvme_fw_slot_info_log *log;
++ u8 next_fw_slot, cur_fw_slot;
+
+ log = kmalloc(sizeof(*log), GFP_KERNEL);
+ if (!log)
+@@ -4118,13 +4119,15 @@ static void nvme_get_fw_slot_info(struct nvme_ctrl *ctrl)
+ goto out_free_log;
+ }
+
+- if (log->afi & 0x70 || !(log->afi & 0x7)) {
++ cur_fw_slot = log->afi & 0x7;
++ next_fw_slot = (log->afi & 0x70) >> 4;
++ if (!cur_fw_slot || (next_fw_slot && (cur_fw_slot != next_fw_slot))) {
+ dev_info(ctrl->device,
+ "Firmware is activated after next Controller Level Reset\n");
+ goto out_free_log;
+ }
+
+- memcpy(ctrl->subsys->firmware_rev, &log->frs[(log->afi & 0x7) - 1],
++ memcpy(ctrl->subsys->firmware_rev, &log->frs[cur_fw_slot - 1],
+ sizeof(ctrl->subsys->firmware_rev));
+
+ out_free_log:
+--
+2.43.0
+
--- /dev/null
+From ee1ceeefe7b119c8517b5beb99f6fa42fe9a8de7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Oct 2023 20:51:25 +0500
+Subject: selftests: core: include linux/close_range.h for CLOSE_RANGE_* macros
+
+From: Muhammad Usama Anjum <usama.anjum@collabora.com>
+
+[ Upstream commit 01c1484ac04790fe27a37f89dd3a350f99646815 ]
+
+Correct header file is needed for getting CLOSE_RANGE_* macros.
+Previously it was tested with newer glibc which didn't show the need to
+include the header which was a mistake.
+
+Link: https://lkml.kernel.org/r/20231024155137.219700-1-usama.anjum@collabora.com
+Fixes: ec54424923cf ("selftests: core: remove duplicate defines")
+Reported-by: Aishwarya TCV <aishwarya.tcv@arm.com>
+Link: https://lore.kernel.org/all/7161219e-0223-d699-d6f3-81abd9abf13b@arm.com
+Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
+Cc: Shuah Khan <shuah@kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/core/close_range_test.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/testing/selftests/core/close_range_test.c b/tools/testing/selftests/core/close_range_test.c
+index 534576f06df1..c59e4adb905d 100644
+--- a/tools/testing/selftests/core/close_range_test.c
++++ b/tools/testing/selftests/core/close_range_test.c
+@@ -12,6 +12,7 @@
+ #include <syscall.h>
+ #include <unistd.h>
+ #include <sys/resource.h>
++#include <linux/close_range.h>
+
+ #include "../kselftest_harness.h"
+ #include "../clone3/clone3_selftests.h"
+--
+2.43.0
+
ceph-always-set-initial-i_blkbits-to-ceph_fscrypt_bl.patch
riscv-fix-arch_hugetlb_migration_supported-for-napot.patch
riscv-declare-overflow_stack-as-exported-from-traps..patch
+nvme-host-fix-the-updating-of-the-firmware-version.patch
+selftests-core-include-linux-close_range.h-for-close.patch
+blk-iocost-fix-an-ubsan-shift-out-of-bounds-warning.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
