From: Sasha Levin Date: Mon, 19 Feb 2024 12:56:35 +0000 (-0500) Subject: Fixes for 6.1 X-Git-Tag: v4.19.307~125 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d8f2a8570e49e2bff05d6dec12548cb4e68d7837;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 6.1 Signed-off-by: Sasha Levin --- diff --git a/queue-6.1/cifs-fix-underflow-in-parse_server_interfaces.patch b/queue-6.1/cifs-fix-underflow-in-parse_server_interfaces.patch new file mode 100644 index 00000000000..4ec357d44c5 --- /dev/null +++ b/queue-6.1/cifs-fix-underflow-in-parse_server_interfaces.patch @@ -0,0 +1,41 @@ +From b3aa555197b5378d2ef7099e0e8dd6c0e3752b91 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 13:18:46 +0300 +Subject: cifs: fix underflow in parse_server_interfaces() + +From: Dan Carpenter + +[ Upstream commit cffe487026be13eaf37ea28b783d9638ab147204 ] + +In this loop, we step through the buffer and after each item we check +if the size_left is greater than the minimum size we need. However, +the problem is that "bytes_left" is type ssize_t while sizeof() is type +size_t. That means that because of type promotion, the comparison is +done as an unsigned and if we have negative bytes left the loop +continues instead of ending. + +Fixes: fe856be475f7 ("CIFS: parse and store info on iface queries") +Signed-off-by: Dan Carpenter +Reviewed-by: Shyam Prasad N +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/smb/client/smb2ops.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c +index 5a157000bdfe..34d1262004df 100644 +--- a/fs/smb/client/smb2ops.c ++++ b/fs/smb/client/smb2ops.c +@@ -613,7 +613,7 @@ parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf, + goto out; + } + +- while (bytes_left >= sizeof(*p)) { ++ while (bytes_left >= (ssize_t)sizeof(*p)) { + memset(&tmp_iface, 0, sizeof(tmp_iface)); + tmp_iface.speed = le64_to_cpu(p->LinkSpeed); + tmp_iface.rdma_capable = le32_to_cpu(p->Capability & RDMA_CAPABLE) ? 1 : 0; +-- +2.43.0 + diff --git a/queue-6.1/driver-core-fw_devlink-improve-detection-of-overlapp.patch b/queue-6.1/driver-core-fw_devlink-improve-detection-of-overlapp.patch new file mode 100644 index 00000000000..d7977fe2107 --- /dev/null +++ b/queue-6.1/driver-core-fw_devlink-improve-detection-of-overlapp.patch @@ -0,0 +1,102 @@ +From 62a6371a392697ee3b37fae86c7783a3460800d2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Feb 2024 01:56:34 -0800 +Subject: driver core: fw_devlink: Improve detection of overlapping cycles + +From: Saravana Kannan + +[ Upstream commit 6442d79d880cf7a2fff18779265d657fef0cce4c ] + +fw_devlink can detect most overlapping/intersecting cycles. However it was +missing a few corner cases because of an incorrect optimization logic that +tries to avoid repeating cycle detection for devices that are already +marked as part of a cycle. + +Here's an example provided by Xu Yang (edited for clarity): + + usb + +-----+ + tcpc | | + +-----+ | +--| + | |----------->|EP| + |--+ | | +--| + |EP|<-----------| | + |--+ | | B | + | | +-----+ + | A | | + +-----+ | + ^ +-----+ | + | | | | + +-----| C |<--+ + | | + +-----+ + usb-phy + +Node A (tcpc) will be populated as device 1-0050. +Node B (usb) will be populated as device 38100000.usb. +Node C (usb-phy) will be populated as device 381f0040.usb-phy. + +The description below uses the notation: +consumer --> supplier +child ==> parent + +1. Node C is populated as device C. No cycles detected because cycle + detection is only run when a fwnode link is converted to a device link. + +2. Node B is populated as device B. As we convert B --> C into a device + link we run cycle detection and find and mark the device link/fwnode + link cycle: + C--> A --> B.EP ==> B --> C + +3. Node A is populated as device A. As we convert C --> A into a device + link, we see it's already part of a cycle (from step 2) and don't run + cycle detection. Thus we miss detecting the cycle: + A --> B.EP ==> B --> A.EP ==> A + +Looking at it another way, A depends on B in one way: +A --> B.EP ==> B + +But B depends on A in two ways and we only detect the first: +B --> C --> A +B --> A.EP ==> A + +To detect both of these, we remove the incorrect optimization attempt in +step 3 and run cycle detection even if the fwnode link from which the +device link is being created has already been marked as part of a cycle. + +Reported-by: Xu Yang +Closes: https://lore.kernel.org/lkml/DU2PR04MB8822693748725F85DC0CB86C8C792@DU2PR04MB8822.eurprd04.prod.outlook.com/ +Fixes: 3fb16866b51d ("driver core: fw_devlink: Make cycle detection more robust") +Signed-off-by: Saravana Kannan +Tested-by: Xu Yang +Link: https://lore.kernel.org/r/20240202095636.868578-3-saravanak@google.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/base/core.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/base/core.c b/drivers/base/core.c +index 191590055932..3078f44dc186 100644 +--- a/drivers/base/core.c ++++ b/drivers/base/core.c +@@ -2056,9 +2056,14 @@ static int fw_devlink_create_devlink(struct device *con, + + /* + * SYNC_STATE_ONLY device links don't block probing and supports cycles. +- * So cycle detection isn't necessary and shouldn't be done. ++ * So, one might expect that cycle detection isn't necessary for them. ++ * However, if the device link was marked as SYNC_STATE_ONLY because ++ * it's part of a cycle, then we still need to do cycle detection. This ++ * is because the consumer and supplier might be part of multiple cycles ++ * and we need to detect all those cycles. + */ +- if (!(flags & DL_FLAG_SYNC_STATE_ONLY)) { ++ if (!device_link_flag_is_sync_state_only(flags) || ++ flags & DL_FLAG_CYCLE) { + device_links_write_lock(); + if (__fw_devlink_relax_cycles(con, sup_handle)) { + __fwnode_link_cycle(link); +-- +2.43.0 + diff --git a/queue-6.1/i2c-i801-fix-block-process-call-transactions.patch b/queue-6.1/i2c-i801-fix-block-process-call-transactions.patch new file mode 100644 index 00000000000..c2c4a349dc6 --- /dev/null +++ b/queue-6.1/i2c-i801-fix-block-process-call-transactions.patch @@ -0,0 +1,56 @@ +From d30a9b5ea66051dc912b82d2d11a379f1271cfe7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 14 Feb 2024 15:59:39 +0100 +Subject: i2c: i801: Fix block process call transactions + +From: Jean Delvare + +[ Upstream commit c1c9d0f6f7f1dbf29db996bd8e166242843a5f21 ] + +According to the Intel datasheets, software must reset the block +buffer index twice for block process call transactions: once before +writing the outgoing data to the buffer, and once again before +reading the incoming data from the buffer. + +The driver is currently missing the second reset, causing the wrong +portion of the block buffer to be read. + +Signed-off-by: Jean Delvare +Reported-by: Piotr Zakowski +Closes: https://lore.kernel.org/linux-i2c/20240213120553.7b0ab120@endymion.delvare/ +Fixes: 315cd67c9453 ("i2c: i801: Add Block Write-Block Read Process Call support") +Reviewed-by: Alexander Sverdlin +Signed-off-by: Andi Shyti +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-i801.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c +index 3159ffbb77a2..9a4e9bf304c2 100644 +--- a/drivers/i2c/busses/i2c-i801.c ++++ b/drivers/i2c/busses/i2c-i801.c +@@ -500,11 +500,10 @@ static int i801_block_transaction_by_block(struct i801_priv *priv, + /* Set block buffer mode */ + outb_p(inb_p(SMBAUXCTL(priv)) | SMBAUXCTL_E32B, SMBAUXCTL(priv)); + +- inb_p(SMBHSTCNT(priv)); /* reset the data buffer index */ +- + if (read_write == I2C_SMBUS_WRITE) { + len = data->block[0]; + outb_p(len, SMBHSTDAT0(priv)); ++ inb_p(SMBHSTCNT(priv)); /* reset the data buffer index */ + for (i = 0; i < len; i++) + outb_p(data->block[i+1], SMBBLKDAT(priv)); + } +@@ -520,6 +519,7 @@ static int i801_block_transaction_by_block(struct i801_priv *priv, + return -EPROTO; + + data->block[0] = len; ++ inb_p(SMBHSTCNT(priv)); /* reset the data buffer index */ + for (i = 0; i < len; i++) + data->block[i + 1] = inb_p(SMBBLKDAT(priv)); + } +-- +2.43.0 + diff --git a/queue-6.1/i2c-pasemi-split-driver-into-two-separate-modules.patch b/queue-6.1/i2c-pasemi-split-driver-into-two-separate-modules.patch new file mode 100644 index 00000000000..5b8cab31231 --- /dev/null +++ b/queue-6.1/i2c-pasemi-split-driver-into-two-separate-modules.patch @@ -0,0 +1,61 @@ +From 9b3ad1befd063acbd2c8f2f5d8fe8a959b5095d8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 12 Feb 2024 12:19:04 +0100 +Subject: i2c: pasemi: split driver into two separate modules + +From: Arnd Bergmann + +[ Upstream commit f44bff19268517ee98e80e944cad0f04f1db72e3 ] + +On powerpc, it is possible to compile test both the new apple (arm) and +old pasemi (powerpc) drivers for the i2c hardware at the same time, +which leads to a warning about linking the same object file twice: + +scripts/Makefile.build:244: drivers/i2c/busses/Makefile: i2c-pasemi-core.o is added to multiple modules: i2c-apple i2c-pasemi + +Rework the driver to have an explicit helper module, letting Kbuild +take care of whether this should be built-in or a loadable driver. + +Fixes: 9bc5f4f660ff ("i2c: pasemi: Split pci driver to its own file") +Signed-off-by: Arnd Bergmann +Reviewed-by: Sven Peter +Signed-off-by: Andi Shyti +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/Makefile | 6 ++---- + drivers/i2c/busses/i2c-pasemi-core.c | 5 +++++ + 2 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/drivers/i2c/busses/Makefile b/drivers/i2c/busses/Makefile +index e73cdb1d2b5a..784a803279d9 100644 +--- a/drivers/i2c/busses/Makefile ++++ b/drivers/i2c/busses/Makefile +@@ -89,10 +89,8 @@ obj-$(CONFIG_I2C_NPCM) += i2c-npcm7xx.o + obj-$(CONFIG_I2C_OCORES) += i2c-ocores.o + obj-$(CONFIG_I2C_OMAP) += i2c-omap.o + obj-$(CONFIG_I2C_OWL) += i2c-owl.o +-i2c-pasemi-objs := i2c-pasemi-core.o i2c-pasemi-pci.o +-obj-$(CONFIG_I2C_PASEMI) += i2c-pasemi.o +-i2c-apple-objs := i2c-pasemi-core.o i2c-pasemi-platform.o +-obj-$(CONFIG_I2C_APPLE) += i2c-apple.o ++obj-$(CONFIG_I2C_PASEMI) += i2c-pasemi-core.o i2c-pasemi-pci.o ++obj-$(CONFIG_I2C_APPLE) += i2c-pasemi-core.o i2c-pasemi-platform.o + obj-$(CONFIG_I2C_PCA_PLATFORM) += i2c-pca-platform.o + obj-$(CONFIG_I2C_PNX) += i2c-pnx.o + obj-$(CONFIG_I2C_PXA) += i2c-pxa.o +diff --git a/drivers/i2c/busses/i2c-pasemi-core.c b/drivers/i2c/busses/i2c-pasemi-core.c +index 9028ffb58cc0..f297e41352e7 100644 +--- a/drivers/i2c/busses/i2c-pasemi-core.c ++++ b/drivers/i2c/busses/i2c-pasemi-core.c +@@ -356,3 +356,8 @@ int pasemi_i2c_common_probe(struct pasemi_smbus *smbus) + + return 0; + } ++EXPORT_SYMBOL_GPL(pasemi_i2c_common_probe); ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Olof Johansson "); ++MODULE_DESCRIPTION("PA Semi PWRficient SMBus driver"); +-- +2.43.0 + diff --git a/queue-6.1/i2c-qcom-geni-correct-i2c-tre-sequence.patch b/queue-6.1/i2c-qcom-geni-correct-i2c-tre-sequence.patch new file mode 100644 index 00000000000..7b82203f87f --- /dev/null +++ b/queue-6.1/i2c-qcom-geni-correct-i2c-tre-sequence.patch @@ -0,0 +1,96 @@ +From 7ffe036bc125f85d156a9bc0ea23377893fbb16e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 12 Feb 2024 18:22:39 +0530 +Subject: i2c: qcom-geni: Correct I2C TRE sequence + +From: Viken Dadhaniya + +[ Upstream commit 83ef106fa732aea8558253641cd98e8a895604d7 ] + +For i2c read operation in GSI mode, we are getting timeout +due to malformed TRE basically incorrect TRE sequence +in gpi(drivers/dma/qcom/gpi.c) driver. + +I2C driver has geni_i2c_gpi(I2C_WRITE) function which generates GO TRE and +geni_i2c_gpi(I2C_READ)generates DMA TRE. Hence to generate GO TRE before +DMA TRE, we should move geni_i2c_gpi(I2C_WRITE) before +geni_i2c_gpi(I2C_READ) inside the I2C GSI mode transfer function +i.e. geni_i2c_gpi_xfer(). + +TRE stands for Transfer Ring Element - which is basically an element with +size of 4 words. It contains all information like slave address, +clk divider, dma address value data size etc). + +Mainly we have 3 TREs(Config, GO and DMA tre). +- CONFIG TRE : consists of internal register configuration which is + required before start of the transfer. +- DMA TRE : contains DDR/Memory address, called as DMA descriptor. +- GO TRE : contains Transfer directions, slave ID, Delay flags, Length + of the transfer. + +I2c driver calls GPI driver API to config each TRE depending on the +protocol. + +For read operation tre sequence will be as below which is not aligned +to hardware programming guide. + +- CONFIG tre +- DMA tre +- GO tre + +As per Qualcomm's internal Hardware Programming Guide, we should configure +TREs in below sequence for any RX only transfer. + +- CONFIG tre +- GO tre +- DMA tre + +Fixes: d8703554f4de ("i2c: qcom-geni: Add support for GPI DMA") +Reviewed-by: Andi Shyti +Reviewed-by: Bryan O'Donoghue +Tested-by: Bryan O'Donoghue # qrb5165-rb5 +Co-developed-by: Mukesh Kumar Savaliya +Signed-off-by: Mukesh Kumar Savaliya +Signed-off-by: Viken Dadhaniya +Reviewed-by: Dmitry Baryshkov +Signed-off-by: Andi Shyti +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-qcom-geni.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-qcom-geni.c b/drivers/i2c/busses/i2c-qcom-geni.c +index 8fce98bb77ff..75b9c3f26bba 100644 +--- a/drivers/i2c/busses/i2c-qcom-geni.c ++++ b/drivers/i2c/busses/i2c-qcom-geni.c +@@ -605,20 +605,20 @@ static int geni_i2c_gpi_xfer(struct geni_i2c_dev *gi2c, struct i2c_msg msgs[], i + + peripheral.addr = msgs[i].addr; + ++ ret = geni_i2c_gpi(gi2c, &msgs[i], &config, ++ &tx_addr, &tx_buf, I2C_WRITE, gi2c->tx_c); ++ if (ret) ++ goto err; ++ + if (msgs[i].flags & I2C_M_RD) { + ret = geni_i2c_gpi(gi2c, &msgs[i], &config, + &rx_addr, &rx_buf, I2C_READ, gi2c->rx_c); + if (ret) + goto err; +- } +- +- ret = geni_i2c_gpi(gi2c, &msgs[i], &config, +- &tx_addr, &tx_buf, I2C_WRITE, gi2c->tx_c); +- if (ret) +- goto err; + +- if (msgs[i].flags & I2C_M_RD) + dma_async_issue_pending(gi2c->rx_c); ++ } ++ + dma_async_issue_pending(gi2c->tx_c); + + timeout = wait_for_completion_timeout(&gi2c->done, XFER_TIMEOUT); +-- +2.43.0 + diff --git a/queue-6.1/interconnect-qcom-sc8180x-mark-co0-bcm-keepalive.patch b/queue-6.1/interconnect-qcom-sc8180x-mark-co0-bcm-keepalive.patch new file mode 100644 index 00000000000..dee8d757cdd --- /dev/null +++ b/queue-6.1/interconnect-qcom-sc8180x-mark-co0-bcm-keepalive.patch @@ -0,0 +1,40 @@ +From 43efc59060f13af1dd69b9ab364fe2bc47e43564 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 10 Jan 2024 15:16:26 +0200 +Subject: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive + +From: Konrad Dybcio + +[ Upstream commit 85e985a4f46e462a37f1875cb74ed380e7c0c2e0 ] + +The CO0 BCM needs to be up at all times, otherwise some hardware (like +the UFS controller) loses its connection to the rest of the SoC, +resulting in a hang of the platform, accompanied by a spectacular +logspam. + +Mark it as keepalive to prevent such cases. + +Fixes: 9c8c6bac1ae8 ("interconnect: qcom: Add SC8180x providers") +Signed-off-by: Konrad Dybcio +Link: https://lore.kernel.org/r/20231214-topic-sc8180_fixes-v1-1-421904863006@linaro.org +Signed-off-by: Georgi Djakov +Signed-off-by: Sasha Levin +--- + drivers/interconnect/qcom/sc8180x.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/interconnect/qcom/sc8180x.c b/drivers/interconnect/qcom/sc8180x.c +index 83461e31774e..d9ee193fb18b 100644 +--- a/drivers/interconnect/qcom/sc8180x.c ++++ b/drivers/interconnect/qcom/sc8180x.c +@@ -1387,6 +1387,7 @@ static struct qcom_icc_bcm bcm_mm0 = { + + static struct qcom_icc_bcm bcm_co0 = { + .name = "CO0", ++ .keepalive = true, + .num_nodes = 1, + .nodes = { &slv_qns_cdsp_mem_noc } + }; +-- +2.43.0 + diff --git a/queue-6.1/irqchip-loongson-eiointc-use-correct-struct-type-in-.patch b/queue-6.1/irqchip-loongson-eiointc-use-correct-struct-type-in-.patch new file mode 100644 index 00000000000..4f80375a48b --- /dev/null +++ b/queue-6.1/irqchip-loongson-eiointc-use-correct-struct-type-in-.patch @@ -0,0 +1,46 @@ +From a0ad0f3c65c3a665dea93712472968b1a9281680 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 30 Jan 2024 16:27:20 +0800 +Subject: irqchip/loongson-eiointc: Use correct struct type in + eiointc_domain_alloc() + +From: Bibo Mao + +[ Upstream commit f1c2765c6afcd1f71f76ed8c9bf94acedab4cecb ] + +eiointc_domain_alloc() uses struct eiointc, which is not defined, for a +pointer. Older compilers treat that as a forward declaration and due to +assignment of a void pointer there is no warning emitted. As the variable +is then handed in as a void pointer argument to irq_domain_set_info() the +code is functional. + +Use struct eiointc_priv instead. + +[ tglx: Rewrote changelog ] + +Fixes: dd281e1a1a93 ("irqchip: Add Loongson Extended I/O interrupt controller support") +Signed-off-by: Bibo Mao +Signed-off-by: Thomas Gleixner +Acked-by: Huacai Chen +Link: https://lore.kernel.org/r/20240130082722.2912576-2-maobibo@loongson.cn +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-loongson-eiointc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/irqchip/irq-loongson-eiointc.c b/drivers/irqchip/irq-loongson-eiointc.c +index 3d99b8bdd8ef..de115ee6e9ec 100644 +--- a/drivers/irqchip/irq-loongson-eiointc.c ++++ b/drivers/irqchip/irq-loongson-eiointc.c +@@ -242,7 +242,7 @@ static int eiointc_domain_alloc(struct irq_domain *domain, unsigned int virq, + int ret; + unsigned int i, type; + unsigned long hwirq = 0; +- struct eiointc *priv = domain->host_data; ++ struct eiointc_priv *priv = domain->host_data; + + ret = irq_domain_translate_onecell(domain, arg, &hwirq, &type); + if (ret) +-- +2.43.0 + diff --git a/queue-6.1/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch b/queue-6.1/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch new file mode 100644 index 00000000000..07892d445e7 --- /dev/null +++ b/queue-6.1/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch @@ -0,0 +1,44 @@ +From 35c496b5ffcf48f455ac8913552100bb967511a2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Jan 2024 09:14:19 +0100 +Subject: media: ir_toy: fix a memleak in irtoy_tx + +From: Zhipeng Lu + +[ Upstream commit dc9ceb90c4b42c6e5c6757df1d6257110433788e ] + +When irtoy_command fails, buf should be freed since it is allocated by +irtoy_tx, or there is a memleak. + +Fixes: 4114978dcd24 ("media: ir_toy: prevent device from hanging during transmit") +Signed-off-by: Zhipeng Lu +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/rc/ir_toy.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/media/rc/ir_toy.c b/drivers/media/rc/ir_toy.c +index 196806709259..69e630d85262 100644 +--- a/drivers/media/rc/ir_toy.c ++++ b/drivers/media/rc/ir_toy.c +@@ -332,6 +332,7 @@ static int irtoy_tx(struct rc_dev *rc, uint *txbuf, uint count) + sizeof(COMMAND_SMODE_EXIT), STATE_COMMAND_NO_RESP); + if (err) { + dev_err(irtoy->dev, "exit sample mode: %d\n", err); ++ kfree(buf); + return err; + } + +@@ -339,6 +340,7 @@ static int irtoy_tx(struct rc_dev *rc, uint *txbuf, uint count) + sizeof(COMMAND_SMODE_ENTER), STATE_COMMAND); + if (err) { + dev_err(irtoy->dev, "enter sample mode: %d\n", err); ++ kfree(buf); + return err; + } + +-- +2.43.0 + diff --git a/queue-6.1/modpost-trim-leading-spaces-when-processing-source-f.patch b/queue-6.1/modpost-trim-leading-spaces-when-processing-source-f.patch new file mode 100644 index 00000000000..319e27496c2 --- /dev/null +++ b/queue-6.1/modpost-trim-leading-spaces-when-processing-source-f.patch @@ -0,0 +1,42 @@ +From 00330175050d5a40ec733877a8b3951fd75d6830 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 14 Feb 2024 10:14:07 +0100 +Subject: modpost: trim leading spaces when processing source files list + +From: Radek Krejci + +[ Upstream commit 5d9a16b2a4d9e8fa028892ded43f6501bc2969e5 ] + +get_line() does not trim the leading spaces, but the +parse_source_files() expects to get lines with source files paths where +the first space occurs after the file path. + +Fixes: 70f30cfe5b89 ("modpost: use read_text_file() and get_line() for reading text files") +Signed-off-by: Radek Krejci +Signed-off-by: Masahiro Yamada +Signed-off-by: Sasha Levin +--- + scripts/mod/sumversion.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c +index 6bf9caca0968..a72e6cf61a1f 100644 +--- a/scripts/mod/sumversion.c ++++ b/scripts/mod/sumversion.c +@@ -326,7 +326,12 @@ static int parse_source_files(const char *objfile, struct md4_ctx *md) + + /* Sum all files in the same dir or subdirs. */ + while ((line = get_line(&pos))) { +- char* p = line; ++ char* p; ++ ++ /* trim the leading spaces away */ ++ while (isspace(*line)) ++ line++; ++ p = line; + + if (strncmp(line, "source_", sizeof("source_")-1) == 0) { + p = strrchr(line, ' '); +-- +2.43.0 + diff --git a/queue-6.1/powerpc-6xx-set-high-bat-enable-flag-on-g2_le-cores.patch b/queue-6.1/powerpc-6xx-set-high-bat-enable-flag-on-g2_le-cores.patch new file mode 100644 index 00000000000..3421154a01b --- /dev/null +++ b/queue-6.1/powerpc-6xx-set-high-bat-enable-flag-on-g2_le-cores.patch @@ -0,0 +1,85 @@ +From f763e638b2d4bb0e47f9164068ccf0e869c283d6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Jan 2024 11:38:38 +0100 +Subject: powerpc/6xx: set High BAT Enable flag on G2_LE cores + +From: Matthias Schiffer + +[ Upstream commit a038a3ff8c6582404834852c043dadc73a5b68b4 ] + +MMU_FTR_USE_HIGH_BATS is set for G2_LE cores and derivatives like e300cX, +but the high BATs need to be enabled in HID2 to work. Add register +definitions and add the needed setup to __setup_cpu_603. + +This fixes boot on CPUs like the MPC5200B with STRICT_KERNEL_RWX enabled +on systems where the flag has not been set by the bootloader already. + +Fixes: e4d6654ebe6e ("powerpc/mm/32s: rework mmu_mapin_ram()") +Signed-off-by: Matthias Schiffer +Reviewed-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Link: https://msgid.link/20240124103838.43675-1-matthias.schiffer@ew.tq-group.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/include/asm/reg.h | 2 ++ + arch/powerpc/kernel/cpu_setup_6xx.S | 20 +++++++++++++++++++- + 2 files changed, 21 insertions(+), 1 deletion(-) + +diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h +index 8fda87af2fa5..6c0ab745f0c8 100644 +--- a/arch/powerpc/include/asm/reg.h ++++ b/arch/powerpc/include/asm/reg.h +@@ -608,6 +608,8 @@ + #endif + #define SPRN_HID2 0x3F8 /* Hardware Implementation Register 2 */ + #define SPRN_HID2_GEKKO 0x398 /* Gekko HID2 Register */ ++#define SPRN_HID2_G2_LE 0x3F3 /* G2_LE HID2 Register */ ++#define HID2_G2_LE_HBE (1<<18) /* High BAT Enable (G2_LE) */ + #define SPRN_IABR 0x3F2 /* Instruction Address Breakpoint Register */ + #define SPRN_IABR2 0x3FA /* 83xx */ + #define SPRN_IBCR 0x135 /* 83xx Insn Breakpoint Control Reg */ +diff --git a/arch/powerpc/kernel/cpu_setup_6xx.S b/arch/powerpc/kernel/cpu_setup_6xx.S +index f8b5ff64b604..6cbad50c71f6 100644 +--- a/arch/powerpc/kernel/cpu_setup_6xx.S ++++ b/arch/powerpc/kernel/cpu_setup_6xx.S +@@ -24,6 +24,15 @@ BEGIN_FTR_SECTION + bl __init_fpu_registers + END_FTR_SECTION_IFCLR(CPU_FTR_FPU_UNAVAILABLE) + bl setup_common_caches ++ ++ /* ++ * This assumes that all cores using __setup_cpu_603 with ++ * MMU_FTR_USE_HIGH_BATS are G2_LE compatible ++ */ ++BEGIN_MMU_FTR_SECTION ++ bl setup_g2_le_hid2 ++END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_HIGH_BATS) ++ + mtlr r5 + blr + _GLOBAL(__setup_cpu_604) +@@ -111,6 +120,16 @@ setup_604_hid0: + isync + blr + ++/* Enable high BATs for G2_LE and derivatives like e300cX */ ++SYM_FUNC_START_LOCAL(setup_g2_le_hid2) ++ mfspr r11,SPRN_HID2_G2_LE ++ oris r11,r11,HID2_G2_LE_HBE@h ++ mtspr SPRN_HID2_G2_LE,r11 ++ sync ++ isync ++ blr ++SYM_FUNC_END(setup_g2_le_hid2) ++ + /* 7400 <= rev 2.7 and 7410 rev = 1.0 suffer from some + * erratas we work around here. + * Moto MPC710CE.pdf describes them, those are errata +@@ -485,4 +504,3 @@ _GLOBAL(__restore_cpu_setup) + mtcr r7 + blr + _ASM_NOKPROBE_SYMBOL(__restore_cpu_setup) +- +-- +2.43.0 + diff --git a/queue-6.1/powerpc-kasan-fix-addr-error-caused-by-page-alignmen.patch b/queue-6.1/powerpc-kasan-fix-addr-error-caused-by-page-alignmen.patch new file mode 100644 index 00000000000..f13e6d10d7a --- /dev/null +++ b/queue-6.1/powerpc-kasan-fix-addr-error-caused-by-page-alignmen.patch @@ -0,0 +1,63 @@ +From 5c81a67982b51acc0fa5b7a4f799229a761019c8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Jan 2024 09:45:59 +0800 +Subject: powerpc/kasan: Fix addr error caused by page alignment + +From: Jiangfeng Xiao + +[ Upstream commit 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0 ] + +In kasan_init_region, when k_start is not page aligned, at the begin of +for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then +`va = block + k_cur - k_start` is less than block, the addr va is invalid, +because the memory address space from va to block is not alloced by +memblock_alloc, which will not be reserved by memblock_reserve later, it +will be used by other places. + +As a result, memory overwriting occurs. + +for example: +int __init __weak kasan_init_region(void *start, size_t size) +{ +[...] + /* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */ + block = memblock_alloc(k_end - k_start, PAGE_SIZE); + [...] + for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) { + /* at the begin of for loop + * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400) + * va(dcd96c00) is less than block(dcd97000), va is invalid + */ + void *va = block + k_cur - k_start; + [...] + } +[...] +} + +Therefore, page alignment is performed on k_start before +memblock_alloc() to ensure the validity of the VA address. + +Fixes: 663c0c9496a6 ("powerpc/kasan: Fix shadow area set up for modules.") +Signed-off-by: Jiangfeng Xiao +Signed-off-by: Michael Ellerman +Link: https://msgid.link/1705974359-43790-1-git-send-email-xiaojiangfeng@huawei.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/mm/kasan/init_32.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/powerpc/mm/kasan/init_32.c b/arch/powerpc/mm/kasan/init_32.c +index a70828a6d935..aa9aa11927b2 100644 +--- a/arch/powerpc/mm/kasan/init_32.c ++++ b/arch/powerpc/mm/kasan/init_32.c +@@ -64,6 +64,7 @@ int __init __weak kasan_init_region(void *start, size_t size) + if (ret) + return ret; + ++ k_start = k_start & PAGE_MASK; + block = memblock_alloc(k_end - k_start, PAGE_SIZE); + if (!block) + return -ENOMEM; +-- +2.43.0 + diff --git a/queue-6.1/powerpc-kasan-limit-kasan-thread-size-increase-to-32.patch b/queue-6.1/powerpc-kasan-limit-kasan-thread-size-increase-to-32.patch new file mode 100644 index 00000000000..2d4c9012d49 --- /dev/null +++ b/queue-6.1/powerpc-kasan-limit-kasan-thread-size-increase-to-32.patch @@ -0,0 +1,54 @@ +From 9cc2f40210586800cd7ec0c01f3a534cacfa8de0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 12 Feb 2024 17:42:44 +1100 +Subject: powerpc/kasan: Limit KASAN thread size increase to 32KB + +From: Michael Ellerman + +[ Upstream commit f1acb109505d983779bbb7e20a1ee6244d2b5736 ] + +KASAN is seen to increase stack usage, to the point that it was reported +to lead to stack overflow on some 32-bit machines (see link). + +To avoid overflows the stack size was doubled for KASAN builds in +commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with +KASAN"). + +However with a 32KB stack size to begin with, the doubling leads to a +64KB stack, which causes build errors: + arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff) + +Although the asm could be reworked, in practice a 32KB stack seems +sufficient even for KASAN builds - the additional usage seems to be in +the 2-3KB range for a 64-bit KASAN build. + +So only increase the stack for KASAN if the stack size is < 32KB. + +Fixes: 18f14afe2816 ("powerpc/64s: Increase default stack size to 32KB") +Reported-by: Spoorthy +Reported-by: Benjamin Gray +Reviewed-by: Benjamin Gray +Link: https://lore.kernel.org/linuxppc-dev/bug-207129-206035@https.bugzilla.kernel.org%2F/ +Signed-off-by: Michael Ellerman +Link: https://msgid.link/20240212064244.3924505-1-mpe@ellerman.id.au +Signed-off-by: Sasha Levin +--- + arch/powerpc/include/asm/thread_info.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h +index af58f1ed3952..c4b798aa6ce8 100644 +--- a/arch/powerpc/include/asm/thread_info.h ++++ b/arch/powerpc/include/asm/thread_info.h +@@ -14,7 +14,7 @@ + + #ifdef __KERNEL__ + +-#ifdef CONFIG_KASAN ++#if defined(CONFIG_KASAN) && CONFIG_THREAD_SHIFT < 15 + #define MIN_THREAD_SHIFT (CONFIG_THREAD_SHIFT + 1) + #else + #define MIN_THREAD_SHIFT CONFIG_THREAD_SHIFT +-- +2.43.0 + diff --git a/queue-6.1/series b/queue-6.1/series index 5aa0abdf617..7b1009b638c 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -51,3 +51,15 @@ usb-ucsi_acpi-fix-command-completion-handling.patch usb-hub-check-for-alternate-port-before-enabling-a_alt_hnp_support.patch usb-f_mass_storage-forbid-async-queue-when-shutdown-happen.patch usb-dwc3-gadget-fix-null-pointer-dereference-in-dwc3_gadget_suspend.patch +interconnect-qcom-sc8180x-mark-co0-bcm-keepalive.patch +media-ir_toy-fix-a-memleak-in-irtoy_tx.patch +driver-core-fw_devlink-improve-detection-of-overlapp.patch +powerpc-6xx-set-high-bat-enable-flag-on-g2_le-cores.patch +powerpc-kasan-fix-addr-error-caused-by-page-alignmen.patch +cifs-fix-underflow-in-parse_server_interfaces.patch +i2c-qcom-geni-correct-i2c-tre-sequence.patch +irqchip-loongson-eiointc-use-correct-struct-type-in-.patch +powerpc-kasan-limit-kasan-thread-size-increase-to-32.patch +i2c-pasemi-split-driver-into-two-separate-modules.patch +i2c-i801-fix-block-process-call-transactions.patch +modpost-trim-leading-spaces-when-processing-source-f.patch