--- /dev/null
+From b73c3ccdca95c237750c981054997c71d33e09d7 Mon Sep 17 00:00:00 2001
+From: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Date: Fri, 28 Feb 2025 15:37:02 +0100
+Subject: MIPS: cm: Fix warning if MIPS_CM is disabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+
+commit b73c3ccdca95c237750c981054997c71d33e09d7 upstream.
+
+Commit e27fbe16af5c ("MIPS: cm: Detect CM quirks from device tree")
+introduced
+
+arch/mips/include/asm/mips-cm.h:119:13: error: ‘mips_cm_update_property’
+ defined but not used [-Werror=unused-function]
+
+Fix this by making empty function implementation inline
+
+Fixes: e27fbe16af5c ("MIPS: cm: Detect CM quirks from device tree")
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/include/asm/mips-cm.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/include/asm/mips-cm.h
++++ b/arch/mips/include/asm/mips-cm.h
+@@ -104,7 +104,7 @@ static inline bool mips_cm_present(void)
+ #ifdef CONFIG_MIPS_CM
+ extern void mips_cm_update_property(void);
+ #else
+-static void mips_cm_update_property(void) {}
++static inline void mips_cm_update_property(void) {}
+ #endif
+
+ /**
--- /dev/null
+From 26d7fb4fd4ca1180e2fa96587dea544563b4962a Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke <hare@kernel.org>
+Date: Mon, 14 Apr 2025 14:05:09 +0200
+Subject: nvme: fixup scan failure for non-ANA multipath controllers
+
+From: Hannes Reinecke <hare@kernel.org>
+
+commit 26d7fb4fd4ca1180e2fa96587dea544563b4962a upstream.
+
+Commit 62baf70c3274 caused the ANA log page to be re-read, even on
+controllers that do not support ANA. While this should generally
+harmless, some controllers hang on the unsupported log page and
+never finish probing.
+
+Fixes: 62baf70c3274 ("nvme: re-read ANA log page after ns scan completes")
+Signed-off-by: Hannes Reinecke <hare@kernel.org>
+Tested-by: Srikanth Aithal <sraithal@amd.com>
+[hch: more detailed commit message]
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/nvme/host/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -4226,7 +4226,7 @@ static void nvme_scan_work(struct work_s
+ if (test_bit(NVME_AER_NOTICE_NS_CHANGED, &ctrl->events))
+ nvme_queue_scan(ctrl);
+ #ifdef CONFIG_NVME_MULTIPATH
+- else
++ else if (ctrl->ana_log_buf)
+ /* Re-read the ANA log page to not miss updates */
+ queue_work(nvme_wq, &ctrl->ana_work);
+ #endif
--- /dev/null
+From 9d8ba74a181b1c81def21168795ed96cbe6f05ed Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+Date: Fri, 10 Feb 2023 14:46:39 +0100
+Subject: PCI: Fix dropping valid root bus resources with .end = zero
+
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+
+commit 9d8ba74a181b1c81def21168795ed96cbe6f05ed upstream.
+
+On r8a7791/koelsch:
+
+ kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
+ # cat /sys/kernel/debug/kmemleak
+ unreferenced object 0xc3a34e00 (size 64):
+ comm "swapper/0", pid 1, jiffies 4294937460 (age 199.080s)
+ hex dump (first 32 bytes):
+ b4 5d 81 f0 b4 5d 81 f0 c0 b0 a2 c3 00 00 00 00 .]...]..........
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ backtrace:
+ [<fe3aa979>] __kmalloc+0xf0/0x140
+ [<34bd6bc0>] resource_list_create_entry+0x18/0x38
+ [<767046bc>] pci_add_resource_offset+0x20/0x68
+ [<b3f3edf2>] devm_of_pci_get_host_bridge_resources.constprop.0+0xb0/0x390
+
+When coalescing two resources for a contiguous aperture, the second
+resource is enlarged to cover the full contiguous range, while the first
+resource is marked invalid. This invalidation is done by clearing the
+flags, start, and end members.
+
+When adding the initial resources to the bus later, invalid resources are
+skipped. Unfortunately, the check for an invalid resource considers only
+the end member, causing false positives.
+
+E.g. on r8a7791/koelsch, root bus resource 0 ("bus 00") is skipped, and no
+longer registered with pci_bus_insert_busn_res() (causing the memory leak),
+nor printed:
+
+ pci-rcar-gen2 ee090000.pci: host bridge /soc/pci@ee090000 ranges:
+ pci-rcar-gen2 ee090000.pci: MEM 0x00ee080000..0x00ee08ffff -> 0x00ee080000
+ pci-rcar-gen2 ee090000.pci: PCI: revision 11
+ pci-rcar-gen2 ee090000.pci: PCI host bridge to bus 0000:00
+ -pci_bus 0000:00: root bus resource [bus 00]
+ pci_bus 0000:00: root bus resource [mem 0xee080000-0xee08ffff]
+
+Fix this by only skipping resources where all of the flags, start, and end
+members are zero.
+
+Fixes: 7c3855c423b17f6c ("PCI: Coalesce host bridge contiguous apertures")
+Link: https://lore.kernel.org/r/da0fcd5e86c74239be79c7cb03651c0fce31b515.1676036673.git.geert+renesas@glider.be
+Tested-by: Niklas Schnelle <schnelle@linux.ibm.com>
+Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/probe.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/pci/probe.c
++++ b/drivers/pci/probe.c
+@@ -999,7 +999,7 @@ static int pci_register_host_bridge(stru
+ resource_list_for_each_entry_safe(window, n, &resources) {
+ offset = window->offset;
+ res = window->res;
+- if (!res->end)
++ if (!res->flags && !res->start && !res->end)
+ continue;
+
+ list_move_tail(&window->node, &bridge->windows);
--- /dev/null
+From 30ba2d09edb5ea857a1473ae3d820911347ada62 Mon Sep 17 00:00:00 2001
+From: Rob Herring <robh@kernel.org>
+Date: Wed, 29 Mar 2023 07:38:35 -0500
+Subject: PCI: Fix use-after-free in pci_bus_release_domain_nr()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rob Herring <robh@kernel.org>
+
+commit 30ba2d09edb5ea857a1473ae3d820911347ada62 upstream.
+
+Commit c14f7ccc9f5d ("PCI: Assign PCI domain IDs by ida_alloc()")
+introduced a use-after-free bug in the bus removal cleanup. The issue was
+found with kfence:
+
+ [ 19.293351] BUG: KFENCE: use-after-free read in pci_bus_release_domain_nr+0x10/0x70
+
+ [ 19.302817] Use-after-free read at 0x000000007f3b80eb (in kfence-#115):
+ [ 19.309677] pci_bus_release_domain_nr+0x10/0x70
+ [ 19.309691] dw_pcie_host_deinit+0x28/0x78
+ [ 19.309702] tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]
+ [ 19.309734] tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]
+ [ 19.309752] platform_probe+0x90/0xd8
+ ...
+
+ [ 19.311457] kfence-#115: 0x00000000063a155a-0x00000000ba698da8, size=1072, cache=kmalloc-2k
+
+ [ 19.311469] allocated by task 96 on cpu 10 at 19.279323s:
+ [ 19.311562] __kmem_cache_alloc_node+0x260/0x278
+ [ 19.311571] kmalloc_trace+0x24/0x30
+ [ 19.311580] pci_alloc_bus+0x24/0xa0
+ [ 19.311590] pci_register_host_bridge+0x48/0x4b8
+ [ 19.311601] pci_scan_root_bus_bridge+0xc0/0xe8
+ [ 19.311613] pci_host_probe+0x18/0xc0
+ [ 19.311623] dw_pcie_host_init+0x2c0/0x568
+ [ 19.311630] tegra_pcie_dw_probe+0x610/0xb28 [pcie_tegra194]
+ [ 19.311647] platform_probe+0x90/0xd8
+ ...
+
+ [ 19.311782] freed by task 96 on cpu 10 at 19.285833s:
+ [ 19.311799] release_pcibus_dev+0x30/0x40
+ [ 19.311808] device_release+0x30/0x90
+ [ 19.311814] kobject_put+0xa8/0x120
+ [ 19.311832] device_unregister+0x20/0x30
+ [ 19.311839] pci_remove_bus+0x78/0x88
+ [ 19.311850] pci_remove_root_bus+0x5c/0x98
+ [ 19.311860] dw_pcie_host_deinit+0x28/0x78
+ [ 19.311866] tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]
+ [ 19.311883] tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]
+ [ 19.311900] platform_probe+0x90/0xd8
+ ...
+
+ [ 19.313579] CPU: 10 PID: 96 Comm: kworker/u24:2 Not tainted 6.2.0 #4
+ [ 19.320171] Hardware name: /, BIOS 1.0-d7fb19b 08/10/2022
+ [ 19.325852] Workqueue: events_unbound deferred_probe_work_func
+
+The stack trace is a bit misleading as dw_pcie_host_deinit() doesn't
+directly call pci_bus_release_domain_nr(). The issue turns out to be in
+pci_remove_root_bus() which first calls pci_remove_bus() which frees the
+struct pci_bus when its struct device is released. Then
+pci_bus_release_domain_nr() is called and accesses the freed struct
+pci_bus. Reordering these fixes the issue.
+
+Fixes: c14f7ccc9f5d ("PCI: Assign PCI domain IDs by ida_alloc()")
+Link: https://lore.kernel.org/r/20230329123835.2724518-1-robh@kernel.org
+Link: https://lore.kernel.org/r/b529cb69-0602-9eed-fc02-2f068707a006@nvidia.com
+Reported-by: Jon Hunter <jonathanh@nvidia.com>
+Tested-by: Jon Hunter <jonathanh@nvidia.com>
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
+Cc: stable@vger.kernel.org # v6.2+
+Cc: Pali Rohár <pali@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/remove.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/pci/remove.c
++++ b/drivers/pci/remove.c
+@@ -157,8 +157,6 @@ void pci_remove_root_bus(struct pci_bus
+ list_for_each_entry_safe(child, tmp,
+ &bus->devices, bus_list)
+ pci_remove_bus_device(child);
+- pci_remove_bus(bus);
+- host_bridge->bus = NULL;
+
+ #ifdef CONFIG_PCI_DOMAINS_GENERIC
+ /* Release domain_nr if it was dynamically allocated */
+@@ -166,6 +164,9 @@ void pci_remove_root_bus(struct pci_bus
+ pci_bus_release_domain_nr(bus, host_bridge->dev.parent);
+ #endif
+
++ pci_remove_bus(bus);
++ host_bridge->bus = NULL;
++
+ /* remove the host bridge */
+ device_del(&host_bridge->dev);
+ }
--- /dev/null
+From e54223275ba1bc6f704a6bab015fcd2ae4f72572 Mon Sep 17 00:00:00 2001
+From: Ross Lagerwall <ross.lagerwall@citrix.com>
+Date: Thu, 25 May 2023 16:32:48 +0100
+Subject: PCI: Release resource invalidated by coalescing
+
+From: Ross Lagerwall <ross.lagerwall@citrix.com>
+
+commit e54223275ba1bc6f704a6bab015fcd2ae4f72572 upstream.
+
+When contiguous windows are coalesced by pci_register_host_bridge(), the
+second resource is expanded to include the first, and the first is
+invalidated and consequently not added to the bus. However, it remains in
+the resource hierarchy. For example, these windows:
+
+ fec00000-fec7ffff : PCI Bus 0000:00
+ fec80000-fecbffff : PCI Bus 0000:00
+
+are coalesced into this, where the first resource remains in the tree with
+start/end zeroed out:
+
+ 00000000-00000000 : PCI Bus 0000:00
+ fec00000-fecbffff : PCI Bus 0000:00
+
+In some cases (e.g. the Xen scratch region), this causes future calls to
+allocate_resource() to choose an inappropriate location which the caller
+cannot handle.
+
+Fix by releasing the zeroed-out resource and removing it from the resource
+hierarchy.
+
+[bhelgaas: commit log]
+Fixes: 7c3855c423b1 ("PCI: Coalesce host bridge contiguous apertures")
+Link: https://lore.kernel.org/r/20230525153248.712779-1-ross.lagerwall@citrix.com
+Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Cc: stable@vger.kernel.org # v5.16+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/probe.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/pci/probe.c
++++ b/drivers/pci/probe.c
+@@ -999,8 +999,10 @@ static int pci_register_host_bridge(stru
+ resource_list_for_each_entry_safe(window, n, &resources) {
+ offset = window->offset;
+ res = window->res;
+- if (!res->flags && !res->start && !res->end)
++ if (!res->flags && !res->start && !res->end) {
++ release_resource(res);
+ continue;
++ }
+
+ list_move_tail(&window->node, &bridge->windows);
+
net-dsa-mv88e6xxx-enable-.port_set_policy-for-6320-family.patch
drm-amd-display-fix-double-free-issue-during-amdgpu-module-unload.patch
xdp-reset-bpf_redirect_info-before-running-a-xdp-s-bpf-prog.patch
+mips-cm-fix-warning-if-mips_cm-is-disabled.patch
+nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch
+pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch
+pci-fix-dropping-valid-root-bus-resources-with-.end-zero.patch
+pci-release-resource-invalidated-by-coalescing.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
