Fixes for 5.15

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-5.15/arm-9216-1-fix-max_dma_address-overflow.patch b/queue-5.15/arm-9216-1-fix-max_dma_address-overflow.patch
new file mode 100644 (file)
index 0000000..6c25ba8
--- /dev/null
+++ b/queue-5.15/arm-9216-1-fix-max_dma_address-overflow.patch
@@ -0,0 +1,52 @@
+From d9271cfc8dfa79c68640c008ae5908e0d1ef3463 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 19 Jul 2022 17:33:21 +0100
+Subject: ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+[ Upstream commit fb0fd3469ead5b937293c213daa1f589b4b7ce46 ]
+
+Commit 26f09e9b3a06 ("mm/memblock: add memblock memory allocation apis")
+added a check to determine whether arm_dma_zone_size is exceeding the
+amount of kernel virtual address space available between the upper 4GB
+virtual address limit and PAGE_OFFSET in order to provide a suitable
+definition of MAX_DMA_ADDRESS that should fit within the 32-bit virtual
+address space. The quantity used for comparison was off by a missing
+trailing 0, leading to MAX_DMA_ADDRESS to be overflowing a 32-bit
+quantity.
+
+This was caught thanks to CONFIG_DEBUG_VIRTUAL on the bcm2711 platform
+where we define a dma_zone_size of 1GB and we have a PAGE_OFFSET value
+of 0xc000_0000 (CONFIG_VMSPLIT_3G) leading to MAX_DMA_ADDRESS being
+0x1_0000_0000 which overflows the unsigned long type used throughout
+__pa() and then __virt_addr_valid(). Because the virtual address passed
+to __virt_addr_valid() would now be 0, the function would loudly warn
+and flood the kernel log, thus making the platform unable to boot
+properly.
+
+Fixes: 26f09e9b3a06 ("mm/memblock: add memblock memory allocation apis")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/include/asm/dma.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm/include/asm/dma.h b/arch/arm/include/asm/dma.h
+index a81dda65c576..45180a2cc47c 100644
+--- a/arch/arm/include/asm/dma.h
++++ b/arch/arm/include/asm/dma.h
+@@ -10,7 +10,7 @@
+ #else
+ #define MAX_DMA_ADDRESS       ({ \
+       extern phys_addr_t arm_dma_zone_size; \
+-      arm_dma_zone_size && arm_dma_zone_size < (0x10000000 - PAGE_OFFSET) ? \
++      arm_dma_zone_size && arm_dma_zone_size < (0x100000000ULL - PAGE_OFFSET) ? \
+               (PAGE_OFFSET + arm_dma_zone_size) : 0xffffffffUL; })
+ #endif
+ 
+-- 
+2.35.1
+

diff --git a/queue-5.15/series b/queue-5.15/series
index e9a9bbe59cc99fe6fc9984d7a1b262abccb80694..db3d5633cb382b1e321a93519d3ca27663245416 100644 (file)
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -62,3 +62,4 @@ sctp-leave-the-err-path-free-in-sctp_stream_init-to-.patch
 arm-crypto-comment-out-gcc-warning-that-breaks-clang-builds.patch
 mm-hmm-fault-non-owner-device-private-entries.patch
 page_alloc-fix-invalid-watermark-check-on-a-negative-value.patch
+arm-9216-1-fix-max_dma_address-overflow.patch