5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 29 Aug 2024 16:26:07 +0000 (18:26 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 29 Aug 2024 16:26:07 +0000 (18:26 +0200)
added patches:
drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch
kvm-arm64-don-t-use-cbz-adr-with-external-symbols.patch
pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch
pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch

queue-5.10/drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch [new file with mode: 0644]
queue-5.10/kvm-arm64-don-t-use-cbz-adr-with-external-symbols.patch [new file with mode: 0644]
queue-5.10/pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch [new file with mode: 0644]
queue-5.10/pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch [new file with mode: 0644]
queue-5.10/series

diff --git a/queue-5.10/drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch b/queue-5.10/drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch
new file mode 100644 (file)
index 0000000..a401080
--- /dev/null
@@ -0,0 +1,39 @@
+From 88a9a467c548d0b3c7761b4fd54a68e70f9c0944 Mon Sep 17 00:00:00 2001
+From: Jesse Zhang <jesse.zhang@amd.com>
+Date: Wed, 24 Apr 2024 17:10:46 +0800
+Subject: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jesse Zhang <jesse.zhang@amd.com>
+
+commit 88a9a467c548d0b3c7761b4fd54a68e70f9c0944 upstream.
+
+Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.
+V2: To really improve the handling we would actually
+   need to have a separate value of 0xffffffff.(Christian)
+
+Signed-off-by: Jesse Zhang <jesse.zhang@amd.com>
+Suggested-by: Christian König <christian.koenig@amd.com>
+Reviewed-by: Christian König <christian.koenig@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Vamsi Krishna Brahmajosyula <vamsi-krishna.brahmajosyula@broadcom.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c
+@@ -725,7 +725,8 @@ int amdgpu_vce_ring_parse_cs(struct amdg
+       uint32_t created = 0;
+       uint32_t allocated = 0;
+       uint32_t tmp, handle = 0;
+-      uint32_t *size = &tmp;
++      uint32_t dummy = 0xffffffff;
++      uint32_t *size = &dummy;
+       unsigned idx;
+       int i, r = 0;
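Review bot: The new initialiser `uint32_t dummy = 0xffffffff;` has no comment explaining why the value is all-ones, and that choice is the substance of the fix. Going by the commit message, it is a sentinel for "no session size known yet", so a size read through `size` before it points at real session state is a defined value instead of leftover stack contents; I would add `/* sentinel: no session size known yet, never stack garbage */` above it. The body of amdgpu_vce_ring_parse_cs is outside the hunk, so two things need checking there. Any arithmetic on `*size` (a multiply wraps in 32 bits) should still produce a value the relocation check rejects. `tmp`, which stays declared, should still be used.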
diff --git a/queue-5.10/kvm-arm64-don-t-use-cbz-adr-with-external-symbols.patch b/queue-5.10/kvm-arm64-don-t-use-cbz-adr-with-external-symbols.patch
new file mode 100644 (file)
index 0000000..38cec99
--- /dev/null
@@ -0,0 +1,64 @@
+From dbaee836d60a8e1b03e7d53a37893235662ba124 Mon Sep 17 00:00:00 2001
+From: Sami Tolvanen <samitolvanen@google.com>
+Date: Fri, 5 Mar 2021 12:21:24 -0800
+Subject: KVM: arm64: Don't use cbz/adr with external symbols
+
+From: Sami Tolvanen <samitolvanen@google.com>
+
+commit dbaee836d60a8e1b03e7d53a37893235662ba124 upstream.
+
+allmodconfig + CONFIG_LTO_CLANG_THIN=y fails to build due to following
+linker errors:
+
+  ld.lld: error: irqbypass.c:(function __guest_enter: .text+0x21CC):
+  relocation R_AARCH64_CONDBR19 out of range: 2031220 is not in
+  [-1048576, 1048575]; references hyp_panic
+  >>> defined in vmlinux.o
+
+  ld.lld: error: irqbypass.c:(function __guest_enter: .text+0x21E0):
+  relocation R_AARCH64_ADR_PREL_LO21 out of range: 2031200 is not in
+  [-1048576, 1048575]; references hyp_panic
+  >>> defined in vmlinux.o
+
+This is because with LTO, the compiler ends up placing hyp_panic()
+more than 1MB away from __guest_enter(). Use an unconditional branch
+and adr_l instead to fix the issue.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/1317
+Reported-by: Nathan Chancellor <nathan@kernel.org>
+Suggested-by: Marc Zyngier <maz@kernel.org>
+Suggested-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Acked-by: Will Deacon <will@kernel.org>
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20210305202124.3768527-1-samitolvanen@google.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kvm/hyp/entry.S |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/kvm/hyp/entry.S
++++ b/arch/arm64/kvm/hyp/entry.S
+@@ -85,8 +85,10 @@ SYM_INNER_LABEL(__guest_exit_panic, SYM_
+       // If the hyp context is loaded, go straight to hyp_panic
+       get_loaded_vcpu x0, x1
+-      cbz     x0, hyp_panic
++      cbnz    x0, 1f
++      b       hyp_panic
++1:
+       // The hyp context is saved so make sure it is restored to allow
+       // hyp_panic to run at hyp and, subsequently, panic to run in the host.
+       // This makes use of __guest_exit to avoid duplication but sets the
+@@ -94,7 +96,7 @@ SYM_INNER_LABEL(__guest_exit_panic, SYM_
+       // current state is saved to the guest context but it will only be
+       // accurate if the guest had been completely restored.
+       adr_this_cpu x0, kvm_hyp_ctxt, x1
+-      adr     x1, hyp_panic
++      adr_l   x1, hyp_panic
+       str     x1, [x0, #CPU_XREG_OFFSET(30)]
+       get_vcpu_ptr    x1, x0
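Review bot: The `cbnz x0, 1f` / `b hyp_panic` pair has no comment saying why the single `cbz x0, hyp_panic` is avoided, so a later cleanup could fold it back and reintroduce the out-of-range relocation from the commit message. I would add `// hyp_panic may be >1MB away (e.g. with LTO): out of cbz range` above the `cbnz`. The `adr_l x1, hyp_panic` in the second hunk needs a matching remark, since `adr` has the same range limit. Both hunks are inside __guest_exit_panic, which starts and ends outside the visible lines.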
diff --git a/queue-5.10/pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch b/queue-5.10/pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch
new file mode 100644 (file)
index 0000000..a2c0075
--- /dev/null
@@ -0,0 +1,52 @@
+From 128f71fe014fc91efa1407ce549f94a9a9f1072c Mon Sep 17 00:00:00 2001
+From: Huang-Huang Bao <i@eh5.me>
+Date: Tue, 9 Jul 2024 18:54:28 +0800
+Subject: pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins
+
+From: Huang-Huang Bao <i@eh5.me>
+
+commit 128f71fe014fc91efa1407ce549f94a9a9f1072c upstream.
+
+The base iomux offsets for each GPIO pin line are accumulatively
+calculated based off iomux width flag in rockchip_pinctrl_get_soc_data.
+If the iomux width flag is one of IOMUX_WIDTH_4BIT, IOMUX_WIDTH_3BIT or
+IOMUX_WIDTH_2BIT, the base offset for next pin line would increase by 8
+bytes, otherwise it would increase by 4 bytes.
+
+Despite most of GPIO2-B iomux have 2-bit data width, which can be fit
+into 4 bytes space with write mask, it actually take 8 bytes width for
+whole GPIO2-B line.
+
+Commit e8448a6c817c ("pinctrl: rockchip: fix pinmux bits for RK3328
+GPIO2-B pins") wrongly set iomux width flag to 0, causing all base
+iomux offset for line after GPIO2-B to be calculated wrong. Fix the
+iomux width flag to IOMUX_WIDTH_2BIT so the offset after GPIO2-B is
+correctly increased by 8, matching the actual width of GPIO2-B iomux.
+
+Fixes: e8448a6c817c ("pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins")
+Cc: stable@vger.kernel.org
+Reported-by: Richard Kojedzinszky <richard@kojedz.in>
+Closes: https://lore.kernel.org/linux-rockchip/4f29b743202397d60edfb3c725537415@kojedz.in/
+Tested-by: Richard Kojedzinszky <richard@kojedz.in>
+Signed-off-by: Huang-Huang Bao <i@eh5.me>
+Reviewed-by: Heiko Stuebner <heiko@sntech.de>
+Tested-by: Daniel Golle <daniel@makrotopia.org>
+Tested-by: Trevor Woerner <twoerner@gmail.com>
+Link: https://lore.kernel.org/20240709105428.1176375-1-i@eh5.me
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pinctrl/pinctrl-rockchip.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/pinctrl/pinctrl-rockchip.c
++++ b/drivers/pinctrl/pinctrl-rockchip.c
+@@ -3695,7 +3695,7 @@ static struct rockchip_pin_bank rk3328_p
+       PIN_BANK_IOMUX_FLAGS(0, 32, "gpio0", 0, 0, 0, 0),
+       PIN_BANK_IOMUX_FLAGS(1, 32, "gpio1", 0, 0, 0, 0),
+       PIN_BANK_IOMUX_FLAGS(2, 32, "gpio2", 0,
+-                           0,
++                           IOMUX_WIDTH_2BIT,
+                            IOMUX_WIDTH_3BIT,
+                            0),
+       PIN_BANK_IOMUX_FLAGS(3, 32, "gpio3",
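Review bot: The gpio2 entry now reads `IOMUX_WIDTH_2BIT`, but nothing in the table says that this flag also determines the base iomux offset of every following pin line. Per the commit message, that is exactly what the earlier change to `0` overlooked. A short comment beside the entry, such as `/* GPIO2-B spans 8 bytes; this flag also advances later iomux offsets */`, would record it where the next editor will see it. The rk3328 bank array starts and ends outside the hunk, so the remaining entries could not be checked from here.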
diff --git a/queue-5.10/pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch b/queue-5.10/pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch
new file mode 100644 (file)
index 0000000..b98c753
--- /dev/null
@@ -0,0 +1,36 @@
+From 1c38a62f15e595346a1106025722869e87ffe044 Mon Sep 17 00:00:00 2001
+From: Ma Ke <make24@iscas.ac.cn>
+Date: Thu, 8 Aug 2024 12:13:55 +0800
+Subject: pinctrl: single: fix potential NULL dereference in pcs_get_function()
+
+From: Ma Ke <make24@iscas.ac.cn>
+
+commit 1c38a62f15e595346a1106025722869e87ffe044 upstream.
+
+pinmux_generic_get_function() can return NULL and the pointer 'function'
+was dereferenced without checking against NULL. Add checking of pointer
+'function' in pcs_get_function().
+
+Found by code review.
+
+Cc: stable@vger.kernel.org
+Fixes: 571aec4df5b7 ("pinctrl: single: Use generic pinmux helpers for managing functions")
+Signed-off-by: Ma Ke <make24@iscas.ac.cn>
+Link: https://lore.kernel.org/20240808041355.2766009-1-make24@iscas.ac.cn
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pinctrl/pinctrl-single.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/pinctrl/pinctrl-single.c
++++ b/drivers/pinctrl/pinctrl-single.c
+@@ -350,6 +350,8 @@ static int pcs_get_function(struct pinct
+               return -ENOTSUPP;
+       fselector = setting->func;
+       function = pinmux_generic_get_function(pctldev, fselector);
++      if (!function)
++              return -EINVAL;
+       *func = function->data;
+       if (!(*func)) {
+               dev_err(pcs->dev, "%s could not find function%i\n",
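Review bot: The added `if (!function) return -EINVAL;` fails silently, while the check just below it reports through `dev_err` when `*func` is NULL. A bad selector reaching this path would therefore leave no trace in the log. Consider mirroring the existing message before the return, e.g. `dev_err(pcs->dev, "%s no function for selector %i\n", __func__, fselector);`. The format specifier is a guess, because the declaration of `fselector` is not visible. `*func` is left unwritten on this path, so callers must rely on the return value; pcs_get_function continues outside the hunk.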
index e66b1da3bec463b05eacdb43a717979ea668173a..6a1fc6fc8695972d50ce3ffc47be86b313b41182 100644 (file)
@@ -120,3 +120,7 @@ nfsd-don-t-call-freezable_schedule_timeout-after-each-successful-page-allocation
 bluetooth-hci_ldisc-check-hci_uart_proto_ready-flag-in-hciuartgetproto.patch
 input-mt-limit-max-slots.patch
 tools-move-alignment-related-macros-to-new-linux-align.h.patch
+drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch
+kvm-arm64-don-t-use-cbz-adr-with-external-symbols.patch
+pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch
+pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch