From: Sasha Levin Date: Mon, 17 Mar 2025 14:33:53 +0000 (-0400) Subject: Fixes for 6.6 X-Git-Tag: v6.6.84~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=360ee3f03b56472df5b8f3cfa7a98eede0e11c78;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 6.6 Signed-off-by: Sasha Levin --- diff --git a/queue-6.6/asoc-codecs-wm0010-fix-error-handling-path-in-wm0010.patch b/queue-6.6/asoc-codecs-wm0010-fix-error-handling-path-in-wm0010.patch new file mode 100644 index 0000000000..d45cac7c14 --- /dev/null +++ b/queue-6.6/asoc-codecs-wm0010-fix-error-handling-path-in-wm0010.patch @@ -0,0 +1,59 @@ +From bfabd5c224f896d4f62f2229d7bb1ad95ddb8b2f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 10 Mar 2025 18:45:36 +0100 +Subject: ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() + +From: Christophe JAILLET + +[ Upstream commit ed92bc5264c4357d4fca292c769ea9967cd3d3b6 ] + +Free some resources in the error handling path of the probe, as already +done in the remove function. + +Fixes: e3523e01869d ("ASoC: wm0010: Add initial wm0010 DSP driver") +Fixes: fd8b96574456 ("ASoC: wm0010: Clear IRQ as wake source and include missing header") +Signed-off-by: Christophe JAILLET +Reviewed-by: Charles Keepax +Link: https://patch.msgid.link/5139ba1ab8c4c157ce04e56096a0f54a1683195c.1741549792.git.christophe.jaillet@wanadoo.fr +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/wm0010.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/sound/soc/codecs/wm0010.c b/sound/soc/codecs/wm0010.c +index 1d4259433f47e..6b67edd528bc5 100644 +--- a/sound/soc/codecs/wm0010.c ++++ b/sound/soc/codecs/wm0010.c +@@ -951,7 +951,7 @@ static int wm0010_spi_probe(struct spi_device *spi) + if (ret) { + dev_err(wm0010->dev, "Failed to set IRQ %d as wake source: %d\n", + irq, ret); +- return ret; ++ goto free_irq; + } + + if (spi->max_speed_hz) +@@ -963,9 +963,18 @@ static int wm0010_spi_probe(struct spi_device *spi) + &soc_component_dev_wm0010, wm0010_dai, + ARRAY_SIZE(wm0010_dai)); + if (ret < 0) +- return ret; ++ goto disable_irq_wake; + + return 0; ++ ++disable_irq_wake: ++ irq_set_irq_wake(wm0010->irq, 0); ++ ++free_irq: ++ if (wm0010->irq) ++ free_irq(wm0010->irq, wm0010); ++ ++ return ret; + } + + static void wm0010_spi_remove(struct spi_device *spi) +-- +2.39.5 + diff --git a/queue-6.6/asoc-cs42l43-fix-maximum-adc-volume.patch b/queue-6.6/asoc-cs42l43-fix-maximum-adc-volume.patch new file mode 100644 index 0000000000..0440d82aea --- /dev/null +++ b/queue-6.6/asoc-cs42l43-fix-maximum-adc-volume.patch @@ -0,0 +1,37 @@ +From c9c08f028eaf30280c11ae4b863903561c1e7c43 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 Mar 2025 13:32:54 +0000 +Subject: ASoC: cs42l43: Fix maximum ADC Volume + +From: Charles Keepax + +[ Upstream commit e26f1cfeac6712516bfeed80890da664f4f2e88a ] + +The range of ADC volume is -1 -> 3 (-6 to 18dB) so the number of levels +should actually be 4. + +Fixes: fc918cbe874e ("ASoC: cs42l43: Add support for the cs42l43") +Signed-off-by: Charles Keepax +Link: https://patch.msgid.link/20250306133254.1861046-1-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/cs42l43.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sound/soc/codecs/cs42l43.c b/sound/soc/codecs/cs42l43.c +index 1443eb1dc0b17..4f78b7668b609 100644 +--- a/sound/soc/codecs/cs42l43.c ++++ b/sound/soc/codecs/cs42l43.c +@@ -1020,7 +1020,7 @@ static const struct snd_kcontrol_new cs42l43_controls[] = { + + SOC_DOUBLE_R_SX_TLV("ADC Volume", CS42L43_ADC_B_CTRL1, CS42L43_ADC_B_CTRL2, + CS42L43_ADC_PGA_GAIN_SHIFT, +- 0xF, 5, cs42l43_adc_tlv), ++ 0xF, 4, cs42l43_adc_tlv), + + SOC_DOUBLE("PDM1 Invert Switch", CS42L43_DMIC_PDM_CTRL, + CS42L43_PDM1L_INV_SHIFT, CS42L43_PDM1R_INV_SHIFT, 1, 0), +-- +2.39.5 + diff --git a/queue-6.6/asoc-ops-consistently-treat-platform_max-as-control-.patch b/queue-6.6/asoc-ops-consistently-treat-platform_max-as-control-.patch new file mode 100644 index 0000000000..8237c98d65 --- /dev/null +++ b/queue-6.6/asoc-ops-consistently-treat-platform_max-as-control-.patch @@ -0,0 +1,106 @@ +From 10ec5fe38e164d75f0e5cf351f2e9da5d6b72e03 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 28 Feb 2025 15:14:56 +0000 +Subject: ASoC: ops: Consistently treat platform_max as control value + +From: Charles Keepax + +[ Upstream commit 0eba2a7e858907a746ba69cd002eb9eb4dbd7bf3 ] + +This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in +snd_soc_put_volsw() by +min"), and makes some additional related +updates. + +There are two ways the platform_max could be interpreted; the maximum +register value, or the maximum value the control can be set to. The +patch moved from treating the value as a control value to a register +one. When the patch was applied it was technically correct as +snd_soc_limit_volume() also used the register interpretation. However, +even then most of the other usages treated platform_max as a +control value, and snd_soc_limit_volume() has since been updated to +also do so in commit fb9ad24485087 ("ASoC: ops: add correct range +check for limiting volume"). That patch however, missed updating +snd_soc_put_volsw() back to the control interpretation, and fixing +snd_soc_info_volsw_range(). The control interpretation makes more +sense as limiting is typically done from the machine driver, so it is +appropriate to use the customer facing representation rather than the +internal codec representation. Update all the code to consistently use +this interpretation of platform_max. + +Finally, also add some comments to the soc_mixer_control struct to +hopefully avoid further patches switching between the two approaches. + +Fixes: fb9ad24485087 ("ASoC: ops: add correct range check for limiting volume") +Signed-off-by: Charles Keepax +Link: https://patch.msgid.link/20250228151456.3703342-1-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + include/sound/soc.h | 5 ++++- + sound/soc/soc-ops.c | 15 +++++++-------- + 2 files changed, 11 insertions(+), 9 deletions(-) + +diff --git a/include/sound/soc.h b/include/sound/soc.h +index c1acc46529b9d..1f99c29aebdfe 100644 +--- a/include/sound/soc.h ++++ b/include/sound/soc.h +@@ -1184,7 +1184,10 @@ void snd_soc_close_delayed_work(struct snd_soc_pcm_runtime *rtd); + + /* mixer control */ + struct soc_mixer_control { +- int min, max, platform_max; ++ /* Minimum and maximum specified as written to the hardware */ ++ int min, max; ++ /* Limited maximum value specified as presented through the control */ ++ int platform_max; + int reg, rreg; + unsigned int shift, rshift; + unsigned int sign_bit; +diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c +index b27e89ff6a167..b4cfc34d00ee6 100644 +--- a/sound/soc/soc-ops.c ++++ b/sound/soc/soc-ops.c +@@ -336,7 +336,7 @@ int snd_soc_put_volsw(struct snd_kcontrol *kcontrol, + if (ucontrol->value.integer.value[0] < 0) + return -EINVAL; + val = ucontrol->value.integer.value[0]; +- if (mc->platform_max && ((int)val + min) > mc->platform_max) ++ if (mc->platform_max && val > mc->platform_max) + return -EINVAL; + if (val > max - min) + return -EINVAL; +@@ -349,7 +349,7 @@ int snd_soc_put_volsw(struct snd_kcontrol *kcontrol, + if (ucontrol->value.integer.value[1] < 0) + return -EINVAL; + val2 = ucontrol->value.integer.value[1]; +- if (mc->platform_max && ((int)val2 + min) > mc->platform_max) ++ if (mc->platform_max && val2 > mc->platform_max) + return -EINVAL; + if (val2 > max - min) + return -EINVAL; +@@ -502,17 +502,16 @@ int snd_soc_info_volsw_range(struct snd_kcontrol *kcontrol, + { + struct soc_mixer_control *mc = + (struct soc_mixer_control *)kcontrol->private_value; +- int platform_max; +- int min = mc->min; ++ int max; + +- if (!mc->platform_max) +- mc->platform_max = mc->max; +- platform_max = mc->platform_max; ++ max = mc->max - mc->min; ++ if (mc->platform_max && mc->platform_max < max) ++ max = mc->platform_max; + + uinfo->type = SNDRV_CTL_ELEM_TYPE_INTEGER; + uinfo->count = snd_soc_volsw_is_stereo(mc) ? 2 : 1; + uinfo->value.integer.min = 0; +- uinfo->value.integer.max = platform_max - min; ++ uinfo->value.integer.max = max; + + return 0; + } +-- +2.39.5 + diff --git a/queue-6.6/asoc-rt722-sdca-add-missing-readable-registers.patch b/queue-6.6/asoc-rt722-sdca-add-missing-readable-registers.patch new file mode 100644 index 0000000000..4daf155687 --- /dev/null +++ b/queue-6.6/asoc-rt722-sdca-add-missing-readable-registers.patch @@ -0,0 +1,44 @@ +From 3f97592f7895a15ff6ba914d18d19857ff7dc24d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 10 Mar 2025 16:04:40 +0800 +Subject: ASoC: rt722-sdca: add missing readable registers + +From: Bard Liao + +[ Upstream commit 247fba13416af65b155949bae582d55c310f58b6 ] + +SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, RT722_SDCA_ENT_FU15, +RT722_SDCA_CTL_FU_CH_GAIN, CH_01) ... SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, +RT722_SDCA_ENT_FU15, RT722_SDCA_CTL_FU_CH_GAIN, CH_04) are used by the +"FU15 Boost Volume" control, but not marked as readable. +And the mbq size are 2 for those registers. + +Fixes: 7f5d6036ca005 ("ASoC: rt722-sdca: Add RT722 SDCA driver") +Signed-off-by: Bard Liao +Reviewed-by: Ranjani Sridharan +Reviewed-by: Shuming Fan +Link: https://patch.msgid.link/20250310080440.58797-1-yung-chuan.liao@linux.intel.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/rt722-sdca-sdw.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/sound/soc/codecs/rt722-sdca-sdw.c b/sound/soc/codecs/rt722-sdca-sdw.c +index 91314327d9eee..c382cb6be6025 100644 +--- a/sound/soc/codecs/rt722-sdca-sdw.c ++++ b/sound/soc/codecs/rt722-sdca-sdw.c +@@ -86,6 +86,10 @@ static bool rt722_sdca_mbq_readable_register(struct device *dev, unsigned int re + case 0x6100067: + case 0x6100070 ... 0x610007c: + case 0x6100080: ++ case SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, RT722_SDCA_ENT_FU15, RT722_SDCA_CTL_FU_CH_GAIN, ++ CH_01) ... ++ SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, RT722_SDCA_ENT_FU15, RT722_SDCA_CTL_FU_CH_GAIN, ++ CH_04): + case SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, RT722_SDCA_ENT_USER_FU1E, RT722_SDCA_CTL_FU_VOLUME, + CH_01): + case SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, RT722_SDCA_ENT_USER_FU1E, RT722_SDCA_CTL_FU_VOLUME, +-- +2.39.5 + diff --git a/queue-6.6/cifs-fix-integer-overflow-while-processing-acdirmax-.patch b/queue-6.6/cifs-fix-integer-overflow-while-processing-acdirmax-.patch new file mode 100644 index 0000000000..e0d618698c --- /dev/null +++ b/queue-6.6/cifs-fix-integer-overflow-while-processing-acdirmax-.patch @@ -0,0 +1,44 @@ +From cd606c0a790fb98dd722b10aea1d2e5db8f85a83 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 11 Mar 2025 17:22:04 +0300 +Subject: cifs: Fix integer overflow while processing acdirmax mount option + +From: Murad Masimov + +[ Upstream commit 5b29891f91dfb8758baf1e2217bef4b16b2b165b ] + +User-provided mount parameter acdirmax of type u32 is intended to have +an upper limit, but before it is validated, the value is converted from +seconds to jiffies which can lead to an integer overflow. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Fixes: 4c9f948142a5 ("cifs: Add new mount parameter "acdirmax" to allow caching directory metadata") +Signed-off-by: Murad Masimov +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/smb/client/fs_context.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c +index 82a0987f4f868..479801187c762 100644 +--- a/fs/smb/client/fs_context.c ++++ b/fs/smb/client/fs_context.c +@@ -1273,11 +1273,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, + ctx->acregmax = HZ * result.uint_32; + break; + case Opt_acdirmax: +- ctx->acdirmax = HZ * result.uint_32; +- if (ctx->acdirmax > CIFS_MAX_ACTIMEO) { ++ if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) { + cifs_errorf(fc, "acdirmax too large\n"); + goto cifs_parse_mount_err; + } ++ ctx->acdirmax = HZ * result.uint_32; + break; + case Opt_actimeo: + if (HZ * result.uint_32 > CIFS_MAX_ACTIMEO) { +-- +2.39.5 + diff --git a/queue-6.6/cifs-fix-integer-overflow-while-processing-acregmax-.patch b/queue-6.6/cifs-fix-integer-overflow-while-processing-acregmax-.patch new file mode 100644 index 0000000000..e00b2679f1 --- /dev/null +++ b/queue-6.6/cifs-fix-integer-overflow-while-processing-acregmax-.patch @@ -0,0 +1,44 @@ +From 321c4c603444c62ed0142f988663039879ca39cc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 11 Mar 2025 17:22:03 +0300 +Subject: cifs: Fix integer overflow while processing acregmax mount option + +From: Murad Masimov + +[ Upstream commit 7489161b1852390b4413d57f2457cd40b34da6cc ] + +User-provided mount parameter acregmax of type u32 is intended to have +an upper limit, but before it is validated, the value is converted from +seconds to jiffies which can lead to an integer overflow. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Fixes: 5780464614f6 ("cifs: Add new parameter "acregmax" for distinct file and directory metadata timeout") +Signed-off-by: Murad Masimov +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/smb/client/fs_context.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c +index 249dd3f4904e3..82a0987f4f868 100644 +--- a/fs/smb/client/fs_context.c ++++ b/fs/smb/client/fs_context.c +@@ -1266,11 +1266,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, + } + break; + case Opt_acregmax: +- ctx->acregmax = HZ * result.uint_32; +- if (ctx->acregmax > CIFS_MAX_ACTIMEO) { ++ if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) { + cifs_errorf(fc, "acregmax too large\n"); + goto cifs_parse_mount_err; + } ++ ctx->acregmax = HZ * result.uint_32; + break; + case Opt_acdirmax: + ctx->acdirmax = HZ * result.uint_32; +-- +2.39.5 + diff --git a/queue-6.6/cifs-fix-integer-overflow-while-processing-actimeo-m.patch b/queue-6.6/cifs-fix-integer-overflow-while-processing-actimeo-m.patch new file mode 100644 index 0000000000..4b1b641cc7 --- /dev/null +++ b/queue-6.6/cifs-fix-integer-overflow-while-processing-actimeo-m.patch @@ -0,0 +1,39 @@ +From e00303f1270deb1e1d15f9ed13cf0a31c878b444 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 11 Mar 2025 17:22:05 +0300 +Subject: cifs: Fix integer overflow while processing actimeo mount option + +From: Murad Masimov + +[ Upstream commit 64f690ee22c99e16084e0e45181b2a1eed2fa149 ] + +User-provided mount parameter actimeo of type u32 is intended to have +an upper limit, but before it is validated, the value is converted from +seconds to jiffies which can lead to an integer overflow. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Fixes: 6d20e8406f09 ("cifs: add attribute cache timeout (actimeo) tunable") +Signed-off-by: Murad Masimov +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/smb/client/fs_context.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c +index 479801187c762..51604c78f9ea4 100644 +--- a/fs/smb/client/fs_context.c ++++ b/fs/smb/client/fs_context.c +@@ -1280,7 +1280,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, + ctx->acdirmax = HZ * result.uint_32; + break; + case Opt_actimeo: +- if (HZ * result.uint_32 > CIFS_MAX_ACTIMEO) { ++ if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) { + cifs_errorf(fc, "timeout too large\n"); + goto cifs_parse_mount_err; + } +-- +2.39.5 + diff --git a/queue-6.6/cifs-fix-integer-overflow-while-processing-closetime.patch b/queue-6.6/cifs-fix-integer-overflow-while-processing-closetime.patch new file mode 100644 index 0000000000..397de77569 --- /dev/null +++ b/queue-6.6/cifs-fix-integer-overflow-while-processing-closetime.patch @@ -0,0 +1,44 @@ +From 7a12ecf465ab7c34853de491d5c987d25e728623 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 11 Mar 2025 17:22:06 +0300 +Subject: cifs: Fix integer overflow while processing closetimeo mount option + +From: Murad Masimov + +[ Upstream commit d5a30fddfe2f2e540f6c43b59cf701809995faef ] + +User-provided mount parameter closetimeo of type u32 is intended to have +an upper limit, but before it is validated, the value is converted from +seconds to jiffies which can lead to an integer overflow. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Fixes: 5efdd9122eff ("smb3: allow deferred close timeout to be configurable") +Signed-off-by: Murad Masimov +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/smb/client/fs_context.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c +index 51604c78f9ea4..b90cc918de7a3 100644 +--- a/fs/smb/client/fs_context.c ++++ b/fs/smb/client/fs_context.c +@@ -1292,11 +1292,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, + ctx->acdirmax = ctx->acregmax = HZ * result.uint_32; + break; + case Opt_closetimeo: +- ctx->closetimeo = HZ * result.uint_32; +- if (ctx->closetimeo > SMB3_MAX_DCLOSETIMEO) { ++ if (result.uint_32 > SMB3_MAX_DCLOSETIMEO / HZ) { + cifs_errorf(fc, "closetimeo too large\n"); + goto cifs_parse_mount_err; + } ++ ctx->closetimeo = HZ * result.uint_32; + break; + case Opt_echo_interval: + ctx->echo_interval = result.uint_32; +-- +2.39.5 + diff --git a/queue-6.6/cifs-throw-eopnotsupp-error-on-unsupported-reparse-p.patch b/queue-6.6/cifs-throw-eopnotsupp-error-on-unsupported-reparse-p.patch new file mode 100644 index 0000000000..d42b6bf2ea --- /dev/null +++ b/queue-6.6/cifs-throw-eopnotsupp-error-on-unsupported-reparse-p.patch @@ -0,0 +1,46 @@ +From a3fd0d245a09ec2b078bab6d99dae47eece7e196 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 18 Sep 2024 00:16:05 +0200 +Subject: cifs: Throw -EOPNOTSUPP error on unsupported reparse point type from + parse_reparse_point() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Pali Rohár + +[ Upstream commit cad3fc0a4c8cef07b07ceddc137f582267577250 ] + +This would help to track and detect by caller if the reparse point type was +processed or not. + +Signed-off-by: Pali Rohár +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/smb/client/reparse.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/fs/smb/client/reparse.c b/fs/smb/client/reparse.c +index bd8808e50d127..bb246ef0458fb 100644 +--- a/fs/smb/client/reparse.c ++++ b/fs/smb/client/reparse.c +@@ -656,13 +656,12 @@ int parse_reparse_point(struct reparse_data_buffer *buf, + le32_to_cpu(buf->ReparseTag)); + return -EIO; + } +- break; ++ return 0; + default: + cifs_tcon_dbg(VFS | ONCE, "unhandled reparse tag: 0x%08x\n", + le32_to_cpu(buf->ReparseTag)); +- break; ++ return -EOPNOTSUPP; + } +- return 0; + } + + int smb2_parse_reparse_point(struct cifs_sb_info *cifs_sb, +-- +2.39.5 + diff --git a/queue-6.6/cifs-validate-content-of-wsl-reparse-point-buffers.patch b/queue-6.6/cifs-validate-content-of-wsl-reparse-point-buffers.patch new file mode 100644 index 0000000000..443aad5fe4 --- /dev/null +++ b/queue-6.6/cifs-validate-content-of-wsl-reparse-point-buffers.patch @@ -0,0 +1,42 @@ +From d7ec28d92af89c61d049d0fea091fdfd6e07a112 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 21 Sep 2024 01:29:33 +0200 +Subject: cifs: Validate content of WSL reparse point buffers +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Pali Rohár + +[ Upstream commit 1f48660667efb97c3cf70485c7e1977af718b48b ] + +WSL socket, fifo, char and block devices have empty reparse buffer. +Validate the length of the reparse buffer. + +Signed-off-by: Pali Rohár +Signed-off-by: Steve French +Stable-dep-of: cad3fc0a4c8c ("cifs: Throw -EOPNOTSUPP error on unsupported reparse point type from parse_reparse_point()") +Signed-off-by: Sasha Levin +--- + fs/smb/client/reparse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/fs/smb/client/reparse.c b/fs/smb/client/reparse.c +index e56a8df23fec9..bd8808e50d127 100644 +--- a/fs/smb/client/reparse.c ++++ b/fs/smb/client/reparse.c +@@ -651,6 +651,11 @@ int parse_reparse_point(struct reparse_data_buffer *buf, + case IO_REPARSE_TAG_LX_FIFO: + case IO_REPARSE_TAG_LX_CHR: + case IO_REPARSE_TAG_LX_BLK: ++ if (le16_to_cpu(buf->ReparseDataLength) != 0) { ++ cifs_dbg(VFS, "srv returned malformed buffer for reparse point: 0x%08x\n", ++ le32_to_cpu(buf->ReparseTag)); ++ return -EIO; ++ } + break; + default: + cifs_tcon_dbg(VFS | ONCE, "unhandled reparse tag: 0x%08x\n", +-- +2.39.5 + diff --git a/queue-6.6/drm-gma500-add-null-check-for-pci_gfx_root-in-mid_ge.patch b/queue-6.6/drm-gma500-add-null-check-for-pci_gfx_root-in-mid_ge.patch new file mode 100644 index 0000000000..bb3fef69be --- /dev/null +++ b/queue-6.6/drm-gma500-add-null-check-for-pci_gfx_root-in-mid_ge.patch @@ -0,0 +1,47 @@ +From 98f8368fb9e6793565e4ea6c443e0e863937d252 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 Mar 2025 14:20:45 +0300 +Subject: drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() + +From: Ivan Abramov + +[ Upstream commit 9af152dcf1a06f589f44a74da4ad67e365d4db9a ] + +Since pci_get_domain_bus_and_slot() can return NULL, add NULL check for +pci_gfx_root in the mid_get_vbt_data(). + +This change is similar to the checks implemented in mid_get_fuse_settings() +and mid_get_pci_revID(), which were introduced by commit 0cecdd818cd7 +("gma500: Final enables for Oaktrail") as "additional minor +bulletproofing". + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Fixes: f910b411053f ("gma500: Add the glue to the various BIOS and firmware interfaces") +Signed-off-by: Ivan Abramov +Signed-off-by: Patrik Jakobsson +Link: https://patchwork.freedesktop.org/patch/msgid/20250306112046.17144-1-i.abramov@mt-integration.ru +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/gma500/mid_bios.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/gpu/drm/gma500/mid_bios.c b/drivers/gpu/drm/gma500/mid_bios.c +index 7e76790c6a81f..cba97d7db131d 100644 +--- a/drivers/gpu/drm/gma500/mid_bios.c ++++ b/drivers/gpu/drm/gma500/mid_bios.c +@@ -279,6 +279,11 @@ static void mid_get_vbt_data(struct drm_psb_private *dev_priv) + 0, PCI_DEVFN(2, 0)); + int ret = -1; + ++ if (pci_gfx_root == NULL) { ++ WARN_ON(1); ++ return; ++ } ++ + /* Get the address of the platform config vbt */ + pci_read_config_dword(pci_gfx_root, 0xFC, &addr); + pci_dev_put(pci_gfx_root); +-- +2.39.5 + diff --git a/queue-6.6/rust-error-add-missing-newline-to-pr_warn-calls.patch b/queue-6.6/rust-error-add-missing-newline-to-pr_warn-calls.patch new file mode 100644 index 0000000000..3839dc9d0c --- /dev/null +++ b/queue-6.6/rust-error-add-missing-newline-to-pr_warn-calls.patch @@ -0,0 +1,40 @@ +From 6645b5b8bd230076716e71a5638cf2dfdd45e1f4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 Feb 2025 21:07:53 +0000 +Subject: rust: error: add missing newline to pr_warn! calls + +From: Alban Kurti + +[ Upstream commit 6f5c36f56d475732981dcf624e0ac0cc7c8984c8 ] + +Added missing newline at the end of pr_warn! usage +so the log is not missed. + +Fixes: 6551a7fe0acb ("rust: error: Add Error::from_errno{_unchecked}()") +Reported-by: Miguel Ojeda +Link: https://github.com/Rust-for-Linux/linux/issues/1139 +Signed-off-by: Alban Kurti +Link: https://lore.kernel.org/r/20250206-printing_fix-v3-2-a85273b501ae@invicto.ai +[ Replaced Closes with Link since it fixes part of the issue. - Miguel ] +Signed-off-by: Miguel Ojeda +Signed-off-by: Sasha Levin +--- + rust/kernel/error.rs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rust/kernel/error.rs b/rust/kernel/error.rs +index 032b645439539..e82d31aa1f307 100644 +--- a/rust/kernel/error.rs ++++ b/rust/kernel/error.rs +@@ -103,7 +103,7 @@ impl Error { + if errno < -(bindings::MAX_ERRNO as i32) || errno >= 0 { + // TODO: Make it a `WARN_ONCE` once available. + crate::pr_warn!( +- "attempted to create `Error` with out of range `errno`: {}", ++ "attempted to create `Error` with out of range `errno`: {}\n", + errno + ); + return code::EINVAL; +-- +2.39.5 + diff --git a/queue-6.6/rust-init-add-missing-newline-to-pr_info-calls.patch b/queue-6.6/rust-init-add-missing-newline-to-pr_info-calls.patch new file mode 100644 index 0000000000..3ec702b0f9 --- /dev/null +++ b/queue-6.6/rust-init-add-missing-newline-to-pr_info-calls.patch @@ -0,0 +1,123 @@ +From 6ea4851ab00781640ef3397b91026b4b07279478 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 Feb 2025 21:07:54 +0000 +Subject: rust: init: add missing newline to pr_info! calls + +From: Alban Kurti + +[ Upstream commit 6933c1067fe6df8ddb34dd68bdb2aa172cbd08c8 ] + +Several pr_info! calls in rust/kernel/init.rs (both in code examples +and macro documentation) were missing a newline, causing logs to +run together. This commit updates these calls to include a trailing +newline, improving readability and consistency with the C side. + +Fixes: 6841d45a3030 ("rust: init: add `stack_pin_init!` macro") +Fixes: 7f8977a7fe6d ("rust: init: add `{pin_}chain` functions to `{Pin}Init`") +Fixes: d0fdc3961270 ("rust: init: add `PinnedDrop` trait and macros") +Fixes: 4af84c6a85c6 ("rust: init: update expanded macro explanation") +Reported-by: Miguel Ojeda +Link: https://github.com/Rust-for-Linux/linux/issues/1139 +Signed-off-by: Alban Kurti +Link: https://lore.kernel.org/r/20250206-printing_fix-v3-3-a85273b501ae@invicto.ai +[ Replaced Closes with Link since it fixes part of the issue. Added + one more Fixes tag (still same set of stable kernels). - Miguel ] +Signed-off-by: Miguel Ojeda +Signed-off-by: Sasha Levin +--- + rust/kernel/init.rs | 12 ++++++------ + rust/kernel/init/macros.rs | 6 +++--- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs +index 6ef9f61820184..af1c77cc12b28 100644 +--- a/rust/kernel/init.rs ++++ b/rust/kernel/init.rs +@@ -258,7 +258,7 @@ pub mod macros; + /// }, + /// })); + /// let foo: Pin<&mut Foo> = foo; +-/// pr_info!("a: {}", &*foo.a.lock()); ++/// pr_info!("a: {}\n", &*foo.a.lock()); + /// ``` + /// + /// # Syntax +@@ -310,7 +310,7 @@ macro_rules! stack_pin_init { + /// })?, + /// })); + /// let foo = foo.unwrap(); +-/// pr_info!("a: {}", &*foo.a.lock()); ++/// pr_info!("a: {}\n", &*foo.a.lock()); + /// ``` + /// + /// ```rust,ignore +@@ -335,7 +335,7 @@ macro_rules! stack_pin_init { + /// x: 64, + /// })?, + /// })); +-/// pr_info!("a: {}", &*foo.a.lock()); ++/// pr_info!("a: {}\n", &*foo.a.lock()); + /// # Ok::<_, AllocError>(()) + /// ``` + /// +@@ -800,7 +800,7 @@ pub unsafe trait PinInit: Sized { + /// + /// impl Foo { + /// fn setup(self: Pin<&mut Self>) { +- /// pr_info!("Setting up foo"); ++ /// pr_info!("Setting up foo\n"); + /// } + /// } + /// +@@ -906,7 +906,7 @@ pub unsafe trait Init: PinInit { + /// + /// impl Foo { + /// fn setup(&mut self) { +- /// pr_info!("Setting up foo"); ++ /// pr_info!("Setting up foo\n"); + /// } + /// } + /// +@@ -1229,7 +1229,7 @@ impl InPlaceInit for UniqueArc { + /// #[pinned_drop] + /// impl PinnedDrop for Foo { + /// fn drop(self: Pin<&mut Self>) { +-/// pr_info!("Foo is being dropped!"); ++/// pr_info!("Foo is being dropped!\n"); + /// } + /// } + /// ``` +diff --git a/rust/kernel/init/macros.rs b/rust/kernel/init/macros.rs +index cb6e61b6c50bd..cb769a09e7426 100644 +--- a/rust/kernel/init/macros.rs ++++ b/rust/kernel/init/macros.rs +@@ -45,7 +45,7 @@ + //! #[pinned_drop] + //! impl PinnedDrop for Foo { + //! fn drop(self: Pin<&mut Self>) { +-//! pr_info!("{self:p} is getting dropped."); ++//! pr_info!("{self:p} is getting dropped.\n"); + //! } + //! } + //! +@@ -412,7 +412,7 @@ + //! #[pinned_drop] + //! impl PinnedDrop for Foo { + //! fn drop(self: Pin<&mut Self>) { +-//! pr_info!("{self:p} is getting dropped."); ++//! pr_info!("{self:p} is getting dropped.\n"); + //! } + //! } + //! ``` +@@ -423,7 +423,7 @@ + //! // `unsafe`, full path and the token parameter are added, everything else stays the same. + //! unsafe impl ::kernel::init::PinnedDrop for Foo { + //! fn drop(self: Pin<&mut Self>, _: ::kernel::init::__internal::OnlyCallFromDrop) { +-//! pr_info!("{self:p} is getting dropped."); ++//! pr_info!("{self:p} is getting dropped.\n"); + //! } + //! } + //! ``` +-- +2.39.5 + diff --git a/queue-6.6/scripts-generate_rust_analyzer-add-missing-macros-de.patch b/queue-6.6/scripts-generate_rust_analyzer-add-missing-macros-de.patch new file mode 100644 index 0000000000..ae935fbcc8 --- /dev/null +++ b/queue-6.6/scripts-generate_rust_analyzer-add-missing-macros-de.patch @@ -0,0 +1,112 @@ +From 722d581cb72e6b8e182d345a5d792145ba190055 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 10 Feb 2025 12:03:24 -0500 +Subject: scripts: generate_rust_analyzer: add missing macros deps + +From: Tamir Duberstein + +[ Upstream commit 2e0f91aba507a3cb59f7a12fc3ea2b7d4d6675b7 ] + +The macros crate has depended on std and proc_macro since its +introduction in commit 1fbde52bde73 ("rust: add `macros` crate"). These +dependencies were omitted from commit 8c4555ccc55c ("scripts: add +`generate_rust_analyzer.py`") resulting in missing go-to-definition and +autocomplete, and false-positive warnings emitted from rust-analyzer +such as: + + [{ + "resource": "/Users/tamird/src/linux/rust/macros/module.rs", + "owner": "_generated_diagnostic_collection_name_#1", + "code": { + "value": "non_snake_case", + "target": { + "$mid": 1, + "path": "/rustc/", + "scheme": "https", + "authority": "doc.rust-lang.org", + "query": "search=non_snake_case" + } + }, + "severity": 4, + "message": "Variable `None` should have snake_case name, e.g. `none`", + "source": "rust-analyzer", + "startLineNumber": 123, + "startColumn": 17, + "endLineNumber": 123, + "endColumn": 21 + }] + +Add the missing dependencies to improve the developer experience. + + [ Fiona had a different approach (thanks!) at: + + https://lore.kernel.org/rust-for-linux/20241205115438.234221-1-me@kloenk.dev/ + + But Tamir and Fiona agreed to this one. - Miguel ] + +Fixes: 8c4555ccc55c ("scripts: add `generate_rust_analyzer.py`") +Reviewed-by: Fiona Behrens +Diagnosed-by: Chayim Refael Friedman +Link: https://github.com/rust-lang/rust-analyzer/issues/17759#issuecomment-2646328275 +Signed-off-by: Tamir Duberstein +Tested-by: Andreas Hindborg +Link: https://lore.kernel.org/r/20250210-rust-analyzer-macros-core-dep-v3-1-45eb4836f218@gmail.com +[ Removed `return`. Changed tag name. Added Link. Slightly + reworded. - Miguel ] +Signed-off-by: Miguel Ojeda +Signed-off-by: Sasha Levin +--- + scripts/generate_rust_analyzer.py | 30 +++++++++++++++++++++--------- + 1 file changed, 21 insertions(+), 9 deletions(-) + +diff --git a/scripts/generate_rust_analyzer.py b/scripts/generate_rust_analyzer.py +index fc52bc41d3e7b..c99173e4b8f3e 100755 +--- a/scripts/generate_rust_analyzer.py ++++ b/scripts/generate_rust_analyzer.py +@@ -49,14 +49,26 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): + } + }) + +- # First, the ones in `rust/` since they are a bit special. +- append_crate( +- "core", +- sysroot_src / "core" / "src" / "lib.rs", +- [], +- cfg=crates_cfgs.get("core", []), +- is_workspace_member=False, +- ) ++ def append_sysroot_crate( ++ display_name, ++ deps, ++ cfg=[], ++ ): ++ append_crate( ++ display_name, ++ sysroot_src / display_name / "src" / "lib.rs", ++ deps, ++ cfg, ++ is_workspace_member=False, ++ ) ++ ++ # NB: sysroot crates reexport items from one another so setting up our transitive dependencies ++ # here is important for ensuring that rust-analyzer can resolve symbols. The sources of truth ++ # for this dependency graph are `(sysroot_src / crate / "Cargo.toml" for crate in crates)`. ++ append_sysroot_crate("core", [], cfg=crates_cfgs.get("core", [])) ++ append_sysroot_crate("alloc", ["core"]) ++ append_sysroot_crate("std", ["alloc", "core"]) ++ append_sysroot_crate("proc_macro", ["core", "std"]) + + append_crate( + "compiler_builtins", +@@ -74,7 +86,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): + append_crate( + "macros", + srctree / "rust" / "macros" / "lib.rs", +- [], ++ ["std", "proc_macro"], + is_proc_macro=True, + ) + crates[-1]["proc_macro_dylib_path"] = f"{objtree}/rust/libmacros.so" +-- +2.39.5 + diff --git a/queue-6.6/series b/queue-6.6/series index 19f795076c..c389bade9c 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -143,3 +143,17 @@ rust-disallow-btf-generation-with-rust-lto.patch rust-init-fix-zeroable-implementation-for-option-nonnull-t-and-option-kbox-t.patch lib-buildid-handle-memfd_secret-files-in-build_id_parse.patch mm-split-critical-region-in-remap_file_pages-and-invoke-lsms-in-between.patch +asoc-ops-consistently-treat-platform_max-as-control-.patch +rust-error-add-missing-newline-to-pr_warn-calls.patch +drm-gma500-add-null-check-for-pci_gfx_root-in-mid_ge.patch +asoc-cs42l43-fix-maximum-adc-volume.patch +rust-init-add-missing-newline-to-pr_info-calls.patch +asoc-rt722-sdca-add-missing-readable-registers.patch +asoc-codecs-wm0010-fix-error-handling-path-in-wm0010.patch +scripts-generate_rust_analyzer-add-missing-macros-de.patch +cifs-fix-integer-overflow-while-processing-acregmax-.patch +cifs-fix-integer-overflow-while-processing-acdirmax-.patch +cifs-fix-integer-overflow-while-processing-actimeo-m.patch +cifs-fix-integer-overflow-while-processing-closetime.patch +cifs-validate-content-of-wsl-reparse-point-buffers.patch +cifs-throw-eopnotsupp-error-on-unsupported-reparse-p.patch