--- /dev/null
+From 2dd710d476f2f1f6eaca884f625f69ef4389ed40 Mon Sep 17 00:00:00 2001
+From: Khazhismel Kumykov <khazhy@chromium.org>
+Date: Fri, 20 Oct 2023 15:36:17 -0700
+Subject: blk-throttle: check for overflow in calculate_bytes_allowed
+
+From: Khazhismel Kumykov <khazhy@chromium.org>
+
+commit 2dd710d476f2f1f6eaca884f625f69ef4389ed40 upstream.
+
+Inexact, we may reject some not-overflowing values incorrectly, but
+they'll be on the order of exabytes allowed anyways.
+
+This fixes divide error crash on x86 if bps_limit is not configured or
+is set too high in the rare case that jiffy_elapsed is greater than HZ.
+
+Fixes: e8368b57c006 ("blk-throttle: use calculate_io/bytes_allowed() for throtl_trim_slice()")
+Fixes: 8d6bbaada2e0 ("blk-throttle: prevent overflow while calculating wait time")
+Signed-off-by: Khazhismel Kumykov <khazhy@google.com>
+Acked-by: Tejun Heo <tj@kernel.org>
+Link: https://lore.kernel.org/r/20231020223617.2739774-1-khazhy@google.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ block/blk-throttle.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/block/blk-throttle.c
++++ b/block/blk-throttle.c
+@@ -723,6 +723,12 @@ static unsigned int calculate_io_allowed
+
+ static u64 calculate_bytes_allowed(u64 bps_limit, unsigned long jiffy_elapsed)
+ {
++ /*
++ * Can result be wider than 64 bits?
++ * We check against 62, not 64, due to ilog2 truncation.
++ */
++ if (ilog2(bps_limit) + ilog2(jiffy_elapsed) - ilog2(HZ) > 62)
++ return U64_MAX;
+ return mul_u64_u64_div_u64(bps_limit, (u64)jiffy_elapsed, (u64)HZ);
+ }
+
--- /dev/null
+From babddbfb7d7d70ae7f10fedd75a45d8ad75fdddf Mon Sep 17 00:00:00 2001
+From: Haibo Li <haibo.li@mediatek.com>
+Date: Mon, 9 Oct 2023 15:37:48 +0800
+Subject: kasan: print the original fault addr when access invalid shadow
+
+From: Haibo Li <haibo.li@mediatek.com>
+
+commit babddbfb7d7d70ae7f10fedd75a45d8ad75fdddf upstream.
+
+when the checked address is illegal,the corresponding shadow address from
+kasan_mem_to_shadow may have no mapping in mmu table. Access such shadow
+address causes kernel oops. Here is a sample about oops on arm64(VA
+39bit) with KASAN_SW_TAGS and KASAN_OUTLINE on:
+
+[ffffffb80aaaaaaa] pgd=000000005d3ce003, p4d=000000005d3ce003,
+ pud=000000005d3ce003, pmd=0000000000000000
+Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
+Modules linked in:
+CPU: 3 PID: 100 Comm: sh Not tainted 6.6.0-rc1-dirty #43
+Hardware name: linux,dummy-virt (DT)
+pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+pc : __hwasan_load8_noabort+0x5c/0x90
+lr : do_ib_ob+0xf4/0x110
+ffffffb80aaaaaaa is the shadow address for efffff80aaaaaaaa.
+The problem is reading invalid shadow in kasan_check_range.
+
+The generic kasan also has similar oops.
+
+It only reports the shadow address which causes oops but not
+the original address.
+
+Commit 2f004eea0fc8("x86/kasan: Print original address on #GP")
+introduce to kasan_non_canonical_hook but limit it to KASAN_INLINE.
+
+This patch extends it to KASAN_OUTLINE mode.
+
+Link: https://lkml.kernel.org/r/20231009073748.159228-1-haibo.li@mediatek.com
+Fixes: 2f004eea0fc8("x86/kasan: Print original address on #GP")
+Signed-off-by: Haibo Li <haibo.li@mediatek.com>
+Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
+Cc: Alexander Potapenko <glider@google.com>
+Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
+Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
+Cc: Dmitry Vyukov <dvyukov@google.com>
+Cc: Haibo Li <haibo.li@mediatek.com>
+Cc: Matthias Brugger <matthias.bgg@gmail.com>
+Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Cc: Kees Cook <keescook@chromium.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/kasan.h | 6 +++---
+ mm/kasan/report.c | 4 +---
+ 2 files changed, 4 insertions(+), 6 deletions(-)
+
+--- a/include/linux/kasan.h
++++ b/include/linux/kasan.h
+@@ -464,10 +464,10 @@ static inline void kasan_free_module_sha
+
+ #endif /* (CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS) && !CONFIG_KASAN_VMALLOC */
+
+-#ifdef CONFIG_KASAN_INLINE
++#ifdef CONFIG_KASAN
+ void kasan_non_canonical_hook(unsigned long addr);
+-#else /* CONFIG_KASAN_INLINE */
++#else /* CONFIG_KASAN */
+ static inline void kasan_non_canonical_hook(unsigned long addr) { }
+-#endif /* CONFIG_KASAN_INLINE */
++#endif /* CONFIG_KASAN */
+
+ #endif /* LINUX_KASAN_H */
+--- a/mm/kasan/report.c
++++ b/mm/kasan/report.c
+@@ -621,9 +621,8 @@ void kasan_report_async(void)
+ }
+ #endif /* CONFIG_KASAN_HW_TAGS */
+
+-#ifdef CONFIG_KASAN_INLINE
+ /*
+- * With CONFIG_KASAN_INLINE, accesses to bogus pointers (outside the high
++ * With CONFIG_KASAN, accesses to bogus pointers (outside the high
+ * canonical half of the address space) cause out-of-bounds shadow memory reads
+ * before the actual access. For addresses in the low canonical half of the
+ * address space, as well as most non-canonical addresses, that out-of-bounds
+@@ -659,4 +658,3 @@ void kasan_non_canonical_hook(unsigned l
+ pr_alert("KASAN: %s in range [0x%016lx-0x%016lx]\n", bug_type,
+ orig_addr, orig_addr + KASAN_GRANULE_SIZE - 1);
+ }
+-#endif
--- /dev/null
+From 24eca2dce0f8d19db808c972b0281298d0bafe99 Mon Sep 17 00:00:00 2001
+From: Damien Le Moal <dlemoal@kernel.org>
+Date: Wed, 25 Oct 2023 15:46:12 +0900
+Subject: scsi: sd: Introduce manage_shutdown device flag
+
+From: Damien Le Moal <dlemoal@kernel.org>
+
+commit 24eca2dce0f8d19db808c972b0281298d0bafe99 upstream.
+
+Commit aa3998dbeb3a ("ata: libata-scsi: Disable scsi device
+manage_system_start_stop") change setting the manage_system_start_stop
+flag to false for libata managed disks to enable libata internal
+management of disk suspend/resume. However, a side effect of this change
+is that on system shutdown, disks are no longer being stopped (set to
+standby mode with the heads unloaded). While this is not a critical
+issue, this unclean shutdown is not recommended and shows up with
+increased smart counters (e.g. the unexpected power loss counter
+"Unexpect_Power_Loss_Ct").
+
+Instead of defining a shutdown driver method for all ATA adapter
+drivers (not all of them define that operation), this patch resolves
+this issue by further refining the sd driver start/stop control of disks
+using the new flag manage_shutdown. If this new flag is set to true by
+a low level driver, the function sd_shutdown() will issue a
+START STOP UNIT command with the start argument set to 0 when a disk
+needs to be powered off (suspended) on system power off, that is, when
+system_state is equal to SYSTEM_POWER_OFF.
+
+Similarly to the other manage_xxx flags, the new manage_shutdown flag is
+exposed through sysfs as a read-write device attribute.
+
+To avoid any confusion between manage_shutdown and
+manage_system_start_stop, the comments describing these flags in
+include/scsi/scsi.h are also improved.
+
+Fixes: aa3998dbeb3a ("ata: libata-scsi: Disable scsi device manage_system_start_stop")
+Cc: stable@vger.kernel.org
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218038
+Link: https://lore.kernel.org/all/cd397c88-bf53-4768-9ab8-9d107df9e613@gmail.com/
+Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
+Reviewed-by: Niklas Cassel <niklas.cassel@wdc.com>
+Reviewed-by: Hannes Reinecke <hare@suse.de>
+Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
+Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ata/libata-scsi.c | 5 +++--
+ drivers/firewire/sbp2.c | 1 +
+ drivers/scsi/sd.c | 39 ++++++++++++++++++++++++++++++++++++---
+ include/scsi/scsi_device.h | 20 ++++++++++++++++++--
+ 4 files changed, 58 insertions(+), 7 deletions(-)
+
+--- a/drivers/ata/libata-scsi.c
++++ b/drivers/ata/libata-scsi.c
+@@ -1103,10 +1103,11 @@ int ata_scsi_dev_config(struct scsi_devi
+
+ /*
+ * Ask the sd driver to issue START STOP UNIT on runtime suspend
+- * and resume only. For system level suspend/resume, devices
+- * power state is handled directly by libata EH.
++ * and resume and shutdown only. For system level suspend/resume,
++ * devices power state is handled directly by libata EH.
+ */
+ sdev->manage_runtime_start_stop = true;
++ sdev->manage_shutdown = true;
+ }
+
+ /*
+--- a/drivers/firewire/sbp2.c
++++ b/drivers/firewire/sbp2.c
+@@ -1521,6 +1521,7 @@ static int sbp2_scsi_slave_configure(str
+ if (sbp2_param_exclusive_login) {
+ sdev->manage_system_start_stop = true;
+ sdev->manage_runtime_start_stop = true;
++ sdev->manage_shutdown = true;
+ }
+
+ if (sdev->type == TYPE_ROM)
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -221,7 +221,8 @@ manage_start_stop_show(struct device *de
+
+ return sysfs_emit(buf, "%u\n",
+ sdp->manage_system_start_stop &&
+- sdp->manage_runtime_start_stop);
++ sdp->manage_runtime_start_stop &&
++ sdp->manage_shutdown);
+ }
+ static DEVICE_ATTR_RO(manage_start_stop);
+
+@@ -287,6 +288,35 @@ manage_runtime_start_stop_store(struct d
+ }
+ static DEVICE_ATTR_RW(manage_runtime_start_stop);
+
++static ssize_t manage_shutdown_show(struct device *dev,
++ struct device_attribute *attr, char *buf)
++{
++ struct scsi_disk *sdkp = to_scsi_disk(dev);
++ struct scsi_device *sdp = sdkp->device;
++
++ return sysfs_emit(buf, "%u\n", sdp->manage_shutdown);
++}
++
++static ssize_t manage_shutdown_store(struct device *dev,
++ struct device_attribute *attr,
++ const char *buf, size_t count)
++{
++ struct scsi_disk *sdkp = to_scsi_disk(dev);
++ struct scsi_device *sdp = sdkp->device;
++ bool v;
++
++ if (!capable(CAP_SYS_ADMIN))
++ return -EACCES;
++
++ if (kstrtobool(buf, &v))
++ return -EINVAL;
++
++ sdp->manage_shutdown = v;
++
++ return count;
++}
++static DEVICE_ATTR_RW(manage_shutdown);
++
+ static ssize_t
+ allow_restart_show(struct device *dev, struct device_attribute *attr, char *buf)
+ {
+@@ -619,6 +649,7 @@ static struct attribute *sd_disk_attrs[]
+ &dev_attr_manage_start_stop.attr,
+ &dev_attr_manage_system_start_stop.attr,
+ &dev_attr_manage_runtime_start_stop.attr,
++ &dev_attr_manage_shutdown.attr,
+ &dev_attr_protection_type.attr,
+ &dev_attr_protection_mode.attr,
+ &dev_attr_app_tag_own.attr,
+@@ -3858,8 +3889,10 @@ static void sd_shutdown(struct device *d
+ sd_sync_cache(sdkp, NULL);
+ }
+
+- if (system_state != SYSTEM_RESTART &&
+- sdkp->device->manage_system_start_stop) {
++ if ((system_state != SYSTEM_RESTART &&
++ sdkp->device->manage_system_start_stop) ||
++ (system_state == SYSTEM_POWER_OFF &&
++ sdkp->device->manage_shutdown)) {
+ sd_printk(KERN_NOTICE, sdkp, "Stopping disk\n");
+ sd_start_stop_device(sdkp, 0);
+ }
+--- a/include/scsi/scsi_device.h
++++ b/include/scsi/scsi_device.h
+@@ -162,8 +162,24 @@ struct scsi_device {
+ * core. */
+ unsigned int eh_timeout; /* Error handling timeout */
+
+- bool manage_system_start_stop; /* Let HLD (sd) manage system start/stop */
+- bool manage_runtime_start_stop; /* Let HLD (sd) manage runtime start/stop */
++ /*
++ * If true, let the high-level device driver (sd) manage the device
++ * power state for system suspend/resume (suspend to RAM and
++ * hibernation) operations.
++ */
++ bool manage_system_start_stop;
++
++ /*
++ * If true, let the high-level device driver (sd) manage the device
++ * power state for runtime device suspand and resume operations.
++ */
++ bool manage_runtime_start_stop;
++
++ /*
++ * If true, let the high-level device driver (sd) manage the device
++ * power state for system shutdown (power off) operations.
++ */
++ bool manage_shutdown;
+
+ unsigned removable:1;
+ unsigned changed:1; /* Data invalid due to media change */
projects / thirdparty / kernel / stable-queue.git / commitdiff
