From 41651125ff3cb5adc112a4faad320141de8d5f13 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sun, 24 Dec 2023 19:41:22 -0500 Subject: [PATCH] Fixes for 5.15 Signed-off-by: Sasha Levin --- ...050-fix-an-error-code-problem-in-inv.patch | 45 +++++++++++++++ ...-keys-add-error-handling-for-devm_km.patch | 40 ++++++++++++++ ...onnect-qcom-sm8250-enable-sync_state.patch | 36 ++++++++++++ ...at-xlate-returning-null-node-as-an-e.patch | 45 +++++++++++++++ ...fc-fix-skb-double-free-in-bnx2fc_rcv.patch | 55 +++++++++++++++++++ queue-5.15/series | 5 ++ 6 files changed, 226 insertions(+) create mode 100644 queue-5.15/iio-imu-inv_mpu6050-fix-an-error-code-problem-in-inv.patch create mode 100644 queue-5.15/input-ipaq-micro-keys-add-error-handling-for-devm_km.patch create mode 100644 queue-5.15/interconnect-qcom-sm8250-enable-sync_state.patch create mode 100644 queue-5.15/interconnect-treat-xlate-returning-null-node-as-an-e.patch create mode 100644 queue-5.15/scsi-bnx2fc-fix-skb-double-free-in-bnx2fc_rcv.patch diff --git a/queue-5.15/iio-imu-inv_mpu6050-fix-an-error-code-problem-in-inv.patch b/queue-5.15/iio-imu-inv_mpu6050-fix-an-error-code-problem-in-inv.patch new file mode 100644 index 00000000000..4fe27c4d9d2 --- /dev/null +++ b/queue-5.15/iio-imu-inv_mpu6050-fix-an-error-code-problem-in-inv.patch @@ -0,0 +1,45 @@ +From d16b8138d866e9a72196b9d691651e5e8c751dd4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Oct 2023 10:02:19 +0800 +Subject: iio: imu: inv_mpu6050: fix an error code problem in + inv_mpu6050_read_raw + +From: Su Hui + +[ Upstream commit c3df0e29fb7788c4b3ddf37d5ed87dda2b822943 ] + +inv_mpu6050_sensor_show() can return -EINVAL or IIO_VAL_INT. Return the +true value rather than only return IIO_VAL_INT. + +Fixes: d5098447147c ("iio: imu: mpu6050: add calibration offset support") +Signed-off-by: Su Hui +Link: https://lore.kernel.org/r/20231030020218.65728-1-suhui@nfschina.com +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c +index 597768c29a729..caeef03b8c622 100644 +--- a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c ++++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c +@@ -727,13 +727,13 @@ inv_mpu6050_read_raw(struct iio_dev *indio_dev, + ret = inv_mpu6050_sensor_show(st, st->reg->gyro_offset, + chan->channel2, val); + mutex_unlock(&st->lock); +- return IIO_VAL_INT; ++ return ret; + case IIO_ACCEL: + mutex_lock(&st->lock); + ret = inv_mpu6050_sensor_show(st, st->reg->accl_offset, + chan->channel2, val); + mutex_unlock(&st->lock); +- return IIO_VAL_INT; ++ return ret; + + default: + return -EINVAL; +-- +2.43.0 + diff --git a/queue-5.15/input-ipaq-micro-keys-add-error-handling-for-devm_km.patch b/queue-5.15/input-ipaq-micro-keys-add-error-handling-for-devm_km.patch new file mode 100644 index 00000000000..27b78c35b86 --- /dev/null +++ b/queue-5.15/input-ipaq-micro-keys-add-error-handling-for-devm_km.patch @@ -0,0 +1,40 @@ +From a1d8351398742519fd5851682d937b7bbd9109b5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 3 Dec 2023 19:00:23 +0000 +Subject: Input: ipaq-micro-keys - add error handling for devm_kmemdup + +From: Haoran Liu + +[ Upstream commit 59b6a747e2d39227ac2325c5e29d6ab3bb070c2a ] + +Check the return value of i2c_add_adapter. Static analysis revealed that +the function did not properly handle potential failures of +i2c_add_adapter, which could lead to partial initialization of the I2C +adapter and unstable operation. + +Signed-off-by: Haoran Liu +Link: https://lore.kernel.org/r/20231203164653.38983-1-liuhaoran14@163.com +Fixes: d7535ffa427b ("Input: driver for microcontroller keys on the iPaq h3xxx") +Signed-off-by: Dmitry Torokhov +Signed-off-by: Sasha Levin +--- + drivers/input/keyboard/ipaq-micro-keys.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/input/keyboard/ipaq-micro-keys.c b/drivers/input/keyboard/ipaq-micro-keys.c +index 13a66a8e3411f..e0c51189e329c 100644 +--- a/drivers/input/keyboard/ipaq-micro-keys.c ++++ b/drivers/input/keyboard/ipaq-micro-keys.c +@@ -105,6 +105,9 @@ static int micro_key_probe(struct platform_device *pdev) + keys->codes = devm_kmemdup(&pdev->dev, micro_keycodes, + keys->input->keycodesize * keys->input->keycodemax, + GFP_KERNEL); ++ if (!keys->codes) ++ return -ENOMEM; ++ + keys->input->keycode = keys->codes; + + __set_bit(EV_KEY, keys->input->evbit); +-- +2.43.0 + diff --git a/queue-5.15/interconnect-qcom-sm8250-enable-sync_state.patch b/queue-5.15/interconnect-qcom-sm8250-enable-sync_state.patch new file mode 100644 index 00000000000..10384e95e93 --- /dev/null +++ b/queue-5.15/interconnect-qcom-sm8250-enable-sync_state.patch @@ -0,0 +1,36 @@ +From 3bdee60367ff63b43157f949de6139af555cb301 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 30 Nov 2023 15:04:45 +0100 +Subject: interconnect: qcom: sm8250: Enable sync_state + +From: Konrad Dybcio + +[ Upstream commit bfc7db1cb94ad664546d70212699f8cc6c539e8c ] + +Add the generic icc sync_state callback to ensure interconnect votes +are taken into account, instead of being pegged at maximum values. + +Fixes: b95b668eaaa2 ("interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate") +Signed-off-by: Konrad Dybcio +Link: https://lore.kernel.org/r/20231130-topic-8250icc_syncstate-v1-1-7ce78ba6e04c@linaro.org +Signed-off-by: Georgi Djakov +Signed-off-by: Sasha Levin +--- + drivers/interconnect/qcom/sm8250.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/interconnect/qcom/sm8250.c b/drivers/interconnect/qcom/sm8250.c +index aa707582ea016..8dfb5dea562a3 100644 +--- a/drivers/interconnect/qcom/sm8250.c ++++ b/drivers/interconnect/qcom/sm8250.c +@@ -551,6 +551,7 @@ static struct platform_driver qnoc_driver = { + .driver = { + .name = "qnoc-sm8250", + .of_match_table = qnoc_of_match, ++ .sync_state = icc_sync_state, + }, + }; + module_platform_driver(qnoc_driver); +-- +2.43.0 + diff --git a/queue-5.15/interconnect-treat-xlate-returning-null-node-as-an-e.patch b/queue-5.15/interconnect-treat-xlate-returning-null-node-as-an-e.patch new file mode 100644 index 00000000000..f7c6b7a471c --- /dev/null +++ b/queue-5.15/interconnect-treat-xlate-returning-null-node-as-an-e.patch @@ -0,0 +1,45 @@ +From bd6624d3580520cfc7c82c3391d81079f559a608 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Oct 2023 07:58:29 -0700 +Subject: interconnect: Treat xlate() returning NULL node as an error + +From: Mike Tipton + +[ Upstream commit ad2ab1297d0c80899125a842bb7a078abfe1e6ce ] + +Currently, if provider->xlate() or provider->xlate_extended() +"successfully" return a NULL node, then of_icc_get_from_provider() won't +consider that an error and will successfully return the NULL node. This +bypasses error handling in of_icc_get_by_index() and leads to NULL +dereferences in path_find(). + +This could be avoided by ensuring provider callbacks always return an +error for NULL nodes, but it's better to explicitly protect against this +in the common framework. + +Fixes: 87e3031b6fbd ("interconnect: Allow endpoints translation via DT") +Signed-off-by: Mike Tipton +Link: https://lore.kernel.org/r/20231025145829.11603-1-quic_mdtipton@quicinc.com +Signed-off-by: Georgi Djakov +Signed-off-by: Sasha Levin +--- + drivers/interconnect/core.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/interconnect/core.c b/drivers/interconnect/core.c +index b7c41bd7409cd..aadb2b97498a0 100644 +--- a/drivers/interconnect/core.c ++++ b/drivers/interconnect/core.c +@@ -382,6 +382,9 @@ struct icc_node_data *of_icc_get_from_provider(struct of_phandle_args *spec) + } + mutex_unlock(&icc_lock); + ++ if (!node) ++ return ERR_PTR(-EINVAL); ++ + if (IS_ERR(node)) + return ERR_CAST(node); + +-- +2.43.0 + diff --git a/queue-5.15/scsi-bnx2fc-fix-skb-double-free-in-bnx2fc_rcv.patch b/queue-5.15/scsi-bnx2fc-fix-skb-double-free-in-bnx2fc_rcv.patch new file mode 100644 index 00000000000..1e50add1563 --- /dev/null +++ b/queue-5.15/scsi-bnx2fc-fix-skb-double-free-in-bnx2fc_rcv.patch @@ -0,0 +1,55 @@ +From 87b0c4ebcf083f3b0ed691f559c93e1b1266eb97 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 14 Nov 2022 11:06:26 +0000 +Subject: scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() + +From: Wei Yongjun + +[ Upstream commit 08c94d80b2da481652fb633e79cbc41e9e326a91 ] + +skb_share_check() already drops the reference to the skb when returning +NULL. Using kfree_skb() in the error handling path leads to an skb double +free. + +Fix this by removing the variable tmp_skb, and return directly when +skb_share_check() returns NULL. + +Fixes: 01a4cc4d0cd6 ("bnx2fc: do not add shared skbs to the fcoe_rx_list") +Signed-off-by: Wei Yongjun +Link: https://lore.kernel.org/r/20221114110626.526643-1-weiyongjun@huaweicloud.com +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/drivers/scsi/bnx2fc/bnx2fc_fcoe.c b/drivers/scsi/bnx2fc/bnx2fc_fcoe.c +index e2586472ecad4..6090434ad6f36 100644 +--- a/drivers/scsi/bnx2fc/bnx2fc_fcoe.c ++++ b/drivers/scsi/bnx2fc/bnx2fc_fcoe.c +@@ -432,7 +432,6 @@ static int bnx2fc_rcv(struct sk_buff *skb, struct net_device *dev, + struct fcoe_ctlr *ctlr; + struct fcoe_rcv_info *fr; + struct fcoe_percpu_s *bg; +- struct sk_buff *tmp_skb; + + interface = container_of(ptype, struct bnx2fc_interface, + fcoe_packet_type); +@@ -444,11 +443,9 @@ static int bnx2fc_rcv(struct sk_buff *skb, struct net_device *dev, + goto err; + } + +- tmp_skb = skb_share_check(skb, GFP_ATOMIC); +- if (!tmp_skb) +- goto err; +- +- skb = tmp_skb; ++ skb = skb_share_check(skb, GFP_ATOMIC); ++ if (!skb) ++ return -1; + + if (unlikely(eth_hdr(skb)->h_proto != htons(ETH_P_FCOE))) { + printk(KERN_ERR PFX "bnx2fc_rcv: Wrong FC type frame\n"); +-- +2.43.0 + diff --git a/queue-5.15/series b/queue-5.15/series index 33bbc57471b..cb9f9a26149 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -8,3 +8,8 @@ drm-i915-relocate-intel_atomic_setup_scalers.patch drm-i915-fix-intel_atomic_setup_scalers-plane_state-.patch smb-client-fix-null-deref-in-asn1_ber_decoder.patch smb-client-fix-oob-in-smb2_query_reparse_point.patch +interconnect-treat-xlate-returning-null-node-as-an-e.patch +iio-imu-inv_mpu6050-fix-an-error-code-problem-in-inv.patch +interconnect-qcom-sm8250-enable-sync_state.patch +input-ipaq-micro-keys-add-error-handling-for-devm_km.patch +scsi-bnx2fc-fix-skb-double-free-in-bnx2fc_rcv.patch -- 2.47.3