5.10-stable patches

added patches:
	lib-vsprintf.c-remove-leftover-f-and-f-cases-from-bstr_printf.patch
	thermal-core-fair-share-lock-the-thermal-zone-while-looping-over-instances.patch
	thermal-drivers-cpufreq_cooling-fix-slab-oob-issue.patch

diff --git a/queue-5.10/lib-vsprintf.c-remove-leftover-f-and-f-cases-from-bstr_printf.patch b/queue-5.10/lib-vsprintf.c-remove-leftover-f-and-f-cases-from-bstr_printf.patch
new file mode 100644 (file)
index 0000000..92f04cf
--- /dev/null
+++ b/queue-5.10/lib-vsprintf.c-remove-leftover-f-and-f-cases-from-bstr_printf.patch
@@ -0,0 +1,48 @@
+From 84696cfaf4d90945eb2a8302edc6cf627db56b84 Mon Sep 17 00:00:00 2001
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Date: Fri, 23 Apr 2021 11:45:29 +0200
+Subject: lib/vsprintf.c: remove leftover 'f' and 'F' cases from bstr_printf()
+
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+
+commit 84696cfaf4d90945eb2a8302edc6cf627db56b84 upstream.
+
+Commit 9af7706492f9 ("lib/vsprintf: Remove support for %pF and %pf in
+favour of %pS and %ps") removed support for %pF and %pf, and correctly
+removed the handling of those cases in vbin_printf(). However, the
+corresponding cases in bstr_printf() were left behind.
+
+In the same series, %pf was re-purposed for dealing with
+fwnodes (3bd32d6a2ee6, "lib/vsprintf: Add %pfw conversion specifier
+for printing fwnode names").
+
+So should anyone use %pf with the binary printf routines,
+vbin_printf() would (correctly, as it involves dereferencing the
+pointer) do the string formatting to the u32 array, but bstr_printf()
+would not copy the string from the u32 array, but instead interpret
+the first sizeof(void*) bytes of the formatted string as a pointer -
+which generally won't end well (also, all subsequent get_args would be
+out of sync).
+
+Fixes: 9af7706492f9 ("lib/vsprintf: Remove support for %pF and %pf in favour of %pS and %ps")
+Cc: stable@vger.kernel.org
+Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+Link: https://lore.kernel.org/r/20210423094529.1862521-1-linux@rasmusvillemoes.dk
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/vsprintf.c |    2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/lib/vsprintf.c
++++ b/lib/vsprintf.c
+@@ -3102,8 +3102,6 @@ int bstr_printf(char *buf, size_t size,
+                       switch (*fmt) {
+                       case 'S':
+                       case 's':
+-                      case 'F':
+-                      case 'f':
+                       case 'x':
+                       case 'K':
+                       case 'e':

diff --git a/queue-5.10/series b/queue-5.10/series
index ffcac1fc68b5697ebe050aba342bb81352d7e9c6..99ef12b57de031808660a6820fa55a5892691a53 100644 (file)
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -294,3 +294,6 @@ dm-persistent-data-packed-struct-should-have-an-aligned-attribute-too.patch
 dm-space-map-common-fix-division-bug-in-sm_ll_find_free_block.patch
 dm-integrity-fix-missing-goto-in-bitmap_flush_interval-error-handling.patch
 dm-rq-fix-double-free-of-blk_mq_tag_set-in-dev-remove-after-table-load-fails.patch
+lib-vsprintf.c-remove-leftover-f-and-f-cases-from-bstr_printf.patch
+thermal-drivers-cpufreq_cooling-fix-slab-oob-issue.patch
+thermal-core-fair-share-lock-the-thermal-zone-while-looping-over-instances.patch

diff --git a/queue-5.10/thermal-core-fair-share-lock-the-thermal-zone-while-looping-over-instances.patch b/queue-5.10/thermal-core-fair-share-lock-the-thermal-zone-while-looping-over-instances.patch
new file mode 100644 (file)
index 0000000..6676f6d
--- /dev/null
+++ b/queue-5.10/thermal-core-fair-share-lock-the-thermal-zone-while-looping-over-instances.patch
@@ -0,0 +1,42 @@
+From fef05776eb02238dcad8d5514e666a42572c3f32 Mon Sep 17 00:00:00 2001
+From: Lukasz Luba <lukasz.luba@arm.com>
+Date: Thu, 22 Apr 2021 16:36:22 +0100
+Subject: thermal/core/fair share: Lock the thermal zone while looping over instances
+
+From: Lukasz Luba <lukasz.luba@arm.com>
+
+commit fef05776eb02238dcad8d5514e666a42572c3f32 upstream.
+
+The tz->lock must be hold during the looping over the instances in that
+thermal zone. This lock was missing in the governor code since the
+beginning, so it's hard to point into a particular commit.
+
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Lukasz Luba <lukasz.luba@arm.com>
+Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
+Link: https://lore.kernel.org/r/20210422153624.6074-2-lukasz.luba@arm.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/thermal/gov_fair_share.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/thermal/gov_fair_share.c
++++ b/drivers/thermal/gov_fair_share.c
+@@ -82,6 +82,8 @@ static int fair_share_throttle(struct th
+       int total_instance = 0;
+       int cur_trip_level = get_trip_level(tz);
+ 
++      mutex_lock(&tz->lock);
++
+       list_for_each_entry(instance, &tz->thermal_instances, tz_node) {
+               if (instance->trip != trip)
+                       continue;
+@@ -110,6 +112,8 @@ static int fair_share_throttle(struct th
+               mutex_unlock(&instance->cdev->lock);
+               thermal_cdev_update(cdev);
+       }
++
++      mutex_unlock(&tz->lock);
+       return 0;
+ }
+ 

diff --git a/queue-5.10/thermal-drivers-cpufreq_cooling-fix-slab-oob-issue.patch b/queue-5.10/thermal-drivers-cpufreq_cooling-fix-slab-oob-issue.patch
new file mode 100644 (file)
index 0000000..f38187c
--- /dev/null
+++ b/queue-5.10/thermal-drivers-cpufreq_cooling-fix-slab-oob-issue.patch
@@ -0,0 +1,60 @@
+From 34ab17cc6c2c1ac93d7e5d53bb972df9a968f085 Mon Sep 17 00:00:00 2001
+From: brian-sy yang <brian-sy.yang@mediatek.com>
+Date: Tue, 29 Dec 2020 13:08:31 +0800
+Subject: thermal/drivers/cpufreq_cooling: Fix slab OOB issue
+
+From: brian-sy yang <brian-sy.yang@mediatek.com>
+
+commit 34ab17cc6c2c1ac93d7e5d53bb972df9a968f085 upstream.
+
+Slab OOB issue is scanned by KASAN in cpu_power_to_freq().
+If power is limited below the power of OPP0 in EM table,
+it will cause slab out-of-bound issue with negative array
+index.
+
+Return the lowest frequency if limited power cannot found
+a suitable OPP in EM table to fix this issue.
+
+Backtrace:
+[<ffffffd02d2a37f0>] die+0x104/0x5ac
+[<ffffffd02d2a5630>] bug_handler+0x64/0xd0
+[<ffffffd02d288ce4>] brk_handler+0x160/0x258
+[<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0
+[<ffffffd02d284488>] el1_dbg+0x14/0xbc
+[<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0
+[<ffffffd02d75c2e0>] kasan_report+0x10/0x20
+[<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28
+[<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c
+[<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4
+[<ffffffd02e6fac24>] allocate_power+0xaec/0xde0
+[<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4
+[<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294
+[<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154
+[<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28
+[<ffffffd02d352f44>] worker_thread+0xa4c/0xfac
+[<ffffffd02d360124>] kthread+0x33c/0x358
+[<ffffffd02d289940>] ret_from_fork+0xc/0x18
+
+Fixes: 371a3bc79c11b ("thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power")
+Signed-off-by: brian-sy yang <brian-sy.yang@mediatek.com>
+Signed-off-by: Michael Kao <michael.kao@mediatek.com>
+Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
+Cc: stable@vger.kernel.org #v5.7
+Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
+Link: https://lore.kernel.org/r/20201229050831.19493-1-michael.kao@mediatek.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/thermal/cpufreq_cooling.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/thermal/cpufreq_cooling.c
++++ b/drivers/thermal/cpufreq_cooling.c
+@@ -123,7 +123,7 @@ static u32 cpu_power_to_freq(struct cpuf
+ {
+       int i;
+ 
+-      for (i = cpufreq_cdev->max_level; i >= 0; i--) {
++      for (i = cpufreq_cdev->max_level; i > 0; i--) {
+               if (power >= cpufreq_cdev->em->table[i].power)
+                       break;
+       }