--- /dev/null
+From b4d73c713451a41be4bef7ebdde93d27a21b8d8a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 27 Dec 2024 14:04:35 +0800
+Subject: bpf: Check validity of link->type in bpf_link_show_fdinfo()
+
+From: Hou Tao <houtao1@huawei.com>
+
+commit 8421d4c8762bd022cb491f2f0f7019ef51b4f0a7 upstream.
+
+If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing
+bpf_link_type_strs[link->type] may result in an out-of-bounds access.
+
+To spot such missed invocations early in the future, checking the
+validity of link->type in bpf_link_show_fdinfo() and emitting a warning
+when such invocations are missed.
+
+Signed-off-by: Hou Tao <houtao1@huawei.com>
+Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
+Link: https://lore.kernel.org/bpf/20241024013558.1135167-3-houtao@huaweicloud.com
+[ shung-hsi.yu: break up existing seq_printf() call since commit 68b04864ca42
+ ("bpf: Create links for BPF struct_ops maps.") is not present ]
+Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/bpf/syscall.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
+index f9906e5ad2e5..6455f80099cd 100644
+--- a/kernel/bpf/syscall.c
++++ b/kernel/bpf/syscall.c
+@@ -2816,16 +2816,21 @@ static void bpf_link_show_fdinfo(struct seq_file *m, struct file *filp)
+ {
+ const struct bpf_link *link = filp->private_data;
+ const struct bpf_prog *prog = link->prog;
++ enum bpf_link_type type = link->type;
+ char prog_tag[sizeof(prog->tag) * 2 + 1] = { };
+
++ if (type < ARRAY_SIZE(bpf_link_type_strs) && bpf_link_type_strs[type]) {
++ seq_printf(m, "link_type:\t%s\n", bpf_link_type_strs[type]);
++ } else {
++ WARN_ONCE(1, "missing BPF_LINK_TYPE(...) for link type %u\n", type);
++ seq_printf(m, "link_type:\t<%u>\n", type);
++ }
++ seq_printf(m, "link_id:\t%u\n", link->id);
++
+ bin2hex(prog_tag, prog->tag, sizeof(prog->tag));
+ seq_printf(m,
+- "link_type:\t%s\n"
+- "link_id:\t%u\n"
+ "prog_tag:\t%s\n"
+ "prog_id:\t%u\n",
+- bpf_link_type_strs[link->type],
+- link->id,
+ prog_tag,
+ prog->aux->id);
+ if (link->ops->show_fdinfo)
+--
+2.39.5
+
--- /dev/null
+From fa14168e8fe96f4b66e7d8551cec77255e854da1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Dec 2024 14:22:39 +0800
+Subject: MIPS: mipsregs: Set proper ISA level for virt extensions
+
+From: Jiaxun Yang <jiaxun.yang@flygoat.com>
+
+[ Upstream commit a640d6762a7d404644201ebf6d2a078e8dc84f97 ]
+
+c994a3ec7ecc ("MIPS: set mips32r5 for virt extensions") setted
+some instructions in virt extensions to ISA level mips32r5.
+
+However TLB related vz instructions was leftover, also this
+shouldn't be done to a R5 or R6 kernel buid.
+
+Reorg macros to set ISA level as needed when _ASM_SET_VIRT
+is called.
+
+Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: WangYuli <wangyuli@uniontech.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/include/asm/mipsregs.h | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/arch/mips/include/asm/mipsregs.h b/arch/mips/include/asm/mipsregs.h
+index 99eeafe6dcab..c60e72917a28 100644
+--- a/arch/mips/include/asm/mipsregs.h
++++ b/arch/mips/include/asm/mipsregs.h
+@@ -2078,7 +2078,14 @@ do { \
+ _ASM_INSN_IF_MIPS(0x4200000c) \
+ _ASM_INSN32_IF_MM(0x0000517c)
+ #else /* !TOOLCHAIN_SUPPORTS_VIRT */
+-#define _ASM_SET_VIRT ".set\tvirt\n\t"
++#if MIPS_ISA_REV >= 5
++#define _ASM_SET_VIRT_ISA
++#elif defined(CONFIG_64BIT)
++#define _ASM_SET_VIRT_ISA ".set\tmips64r5\n\t"
++#else
++#define _ASM_SET_VIRT_ISA ".set\tmips32r5\n\t"
++#endif
++#define _ASM_SET_VIRT _ASM_SET_VIRT_ISA ".set\tvirt\n\t"
+ #define _ASM_SET_MFGC0 _ASM_SET_VIRT
+ #define _ASM_SET_DMFGC0 _ASM_SET_VIRT
+ #define _ASM_SET_MTGC0 _ASM_SET_VIRT
+@@ -2099,7 +2106,6 @@ do { \
+ ({ int __res; \
+ __asm__ __volatile__( \
+ ".set\tpush\n\t" \
+- ".set\tmips32r5\n\t" \
+ _ASM_SET_MFGC0 \
+ "mfgc0\t%0, " #source ", %1\n\t" \
+ _ASM_UNSET_MFGC0 \
+@@ -2113,7 +2119,6 @@ do { \
+ ({ unsigned long long __res; \
+ __asm__ __volatile__( \
+ ".set\tpush\n\t" \
+- ".set\tmips64r5\n\t" \
+ _ASM_SET_DMFGC0 \
+ "dmfgc0\t%0, " #source ", %1\n\t" \
+ _ASM_UNSET_DMFGC0 \
+@@ -2127,7 +2132,6 @@ do { \
+ do { \
+ __asm__ __volatile__( \
+ ".set\tpush\n\t" \
+- ".set\tmips32r5\n\t" \
+ _ASM_SET_MTGC0 \
+ "mtgc0\t%z0, " #register ", %1\n\t" \
+ _ASM_UNSET_MTGC0 \
+@@ -2140,7 +2144,6 @@ do { \
+ do { \
+ __asm__ __volatile__( \
+ ".set\tpush\n\t" \
+- ".set\tmips64r5\n\t" \
+ _ASM_SET_DMTGC0 \
+ "dmtgc0\t%z0, " #register ", %1\n\t" \
+ _ASM_UNSET_DMTGC0 \
+--
+2.39.5
+
--- /dev/null
+From db9a0bf4f99a920434a3b28e0f88ea2bfa399406 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Dec 2024 14:09:18 +0800
+Subject: MIPS: Probe toolchain support of -msym32
+
+From: Jiaxun Yang <jiaxun.yang@flygoat.com>
+
+[ Upstream commit 18ca63a2e23c5e170d2d7552b64b1f5ad019cd9b ]
+
+msym32 is not supported by LLVM toolchain.
+Workaround by probe toolchain support of msym32 for KBUILD_SYM32
+feature.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/1544
+Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: WangYuli <wangyuli@uniontech.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/mips/Makefile b/arch/mips/Makefile
+index dd6486097e1d..6468f1eb39f3 100644
+--- a/arch/mips/Makefile
++++ b/arch/mips/Makefile
+@@ -304,7 +304,7 @@ drivers-$(CONFIG_PCI) += arch/mips/pci/
+ ifdef CONFIG_64BIT
+ ifndef KBUILD_SYM32
+ ifeq ($(shell expr $(load-y) \< 0xffffffff80000000), 0)
+- KBUILD_SYM32 = y
++ KBUILD_SYM32 = $(call cc-option-yn, -msym32)
+ endif
+ endif
+
+--
+2.39.5
+
--- /dev/null
+From 693190465e8aa7e36b274d9ed12f2afccfca6117 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 26 Dec 2024 15:11:31 +0800
+Subject: net/mlx5e: Don't call cleanup on profile rollback failure
+
+From: Cosmin Ratiu <cratiu@nvidia.com>
+
+[ Upstream commit 4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0 ]
+
+When profile rollback fails in mlx5e_netdev_change_profile, the netdev
+profile var is left set to NULL. Avoid a crash when unloading the driver
+by not calling profile->cleanup in such a case.
+
+This was encountered while testing, with the original trigger that
+the wq rescuer thread creation got interrupted (presumably due to
+Ctrl+C-ing modprobe), which gets converted to ENOMEM (-12) by
+mlx5e_priv_init, the profile rollback also fails for the same reason
+(signal still active) so the profile is left as NULL, leading to a crash
+later in _mlx5e_remove.
+
+ [ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2)
+ [ 734.525513] workqueue: Failed to create a rescuer kthread for wq "mlx5e": -EINTR
+ [ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12
+ [ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12
+ [ 734.560153] workqueue: Failed to create a rescuer kthread for wq "mlx5e": -EINTR
+ [ 734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12
+ [ 734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12
+ [ 745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008
+ [ 745.538222] #PF: supervisor read access in kernel mode
+<snipped>
+ [ 745.551290] Call Trace:
+ [ 745.551590] <TASK>
+ [ 745.551866] ? __die+0x20/0x60
+ [ 745.552218] ? page_fault_oops+0x150/0x400
+ [ 745.555307] ? exc_page_fault+0x79/0x240
+ [ 745.555729] ? asm_exc_page_fault+0x22/0x30
+ [ 745.556166] ? mlx5e_remove+0x6b/0xb0 [mlx5_core]
+ [ 745.556698] auxiliary_bus_remove+0x18/0x30
+ [ 745.557134] device_release_driver_internal+0x1df/0x240
+ [ 745.557654] bus_remove_device+0xd7/0x140
+ [ 745.558075] device_del+0x15b/0x3c0
+ [ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core]
+ [ 745.559112] mlx5_unregister_device+0x34/0x50 [mlx5_core]
+ [ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core]
+ [ 745.560203] remove_one+0x4e/0xd0 [mlx5_core]
+ [ 745.560694] pci_device_remove+0x39/0xa0
+ [ 745.561112] device_release_driver_internal+0x1df/0x240
+ [ 745.561631] driver_detach+0x47/0x90
+ [ 745.562022] bus_remove_driver+0x84/0x100
+ [ 745.562444] pci_unregister_driver+0x3b/0x90
+ [ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core]
+ [ 745.563415] __x64_sys_delete_module+0x14d/0x2f0
+ [ 745.563886] ? kmem_cache_free+0x1b0/0x460
+ [ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190
+ [ 745.564825] do_syscall_64+0x6d/0x140
+ [ 745.565223] entry_SYSCALL_64_after_hwframe+0x4b/0x53
+ [ 745.565725] RIP: 0033:0x7f1579b1288b
+
+Fixes: 3ef14e463f6e ("net/mlx5e: Separate between netdev objects and mlx5e profiles initialization")
+Signed-off-by: Cosmin Ratiu <cratiu@nvidia.com>
+Reviewed-by: Dragos Tatulea <dtatulea@nvidia.com>
+Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+index 385904502a6b..8ee6a81b42b4 100644
+--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+@@ -5980,7 +5980,9 @@ static void mlx5e_remove(struct auxiliary_device *adev)
+ mlx5e_dcbnl_delete_app(priv);
+ unregister_netdev(priv->netdev);
+ mlx5e_suspend(adev, state);
+- priv->profile->cleanup(priv);
++ /* Avoid cleanup if profile rollback failed. */
++ if (priv->profile)
++ priv->profile->cleanup(priv);
+ mlx5e_devlink_port_unregister(priv);
+ mlx5e_destroy_netdev(priv);
+ }
+--
+2.39.5
+
drm-dp_mst-ensure-mst_primary-pointer-is-valid-in-dr.patch
virtio-blk-don-t-keep-queue-frozen-during-system-sus.patch
blk-mq-register-cpuhp-callback-after-hctx-is-added-t.patch
+vmalloc-fix-accounting-with-i915.patch
+mips-probe-toolchain-support-of-msym32.patch
+mips-mipsregs-set-proper-isa-level-for-virt-extensio.patch
+net-mlx5e-don-t-call-cleanup-on-profile-rollback-fai.patch
+bpf-check-validity-of-link-type-in-bpf_link_show_fdi.patch
--- /dev/null
+From b5e46274bc6b2d72b57b33476ac8a22026650a27 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 23 Dec 2024 20:07:29 +0000
+Subject: vmalloc: fix accounting with i915
+
+From: Matthew Wilcox (Oracle) <willy@infradead.org>
+
+[ Upstream commit a2e740e216f5bf49ccb83b6d490c72a340558a43 ]
+
+If the caller of vmap() specifies VM_MAP_PUT_PAGES (currently only the
+i915 driver), we will decrement nr_vmalloc_pages and MEMCG_VMALLOC in
+vfree(). These counters are incremented by vmalloc() but not by vmap() so
+this will cause an underflow. Check the VM_MAP_PUT_PAGES flag before
+decrementing either counter.
+
+Link: https://lkml.kernel.org/r/20241211202538.168311-1-willy@infradead.org
+Fixes: b944afc9d64d ("mm: add a VM_MAP_PUT_PAGES flag for vmap")
+Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
+Acked-by: Johannes Weiner <hannes@cmpxchg.org>
+Reviewed-by: Shakeel Butt <shakeel.butt@linux.dev>
+Reviewed-by: Balbir Singh <balbirs@nvidia.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Muchun Song <muchun.song@linux.dev>
+Cc: Roman Gushchin <roman.gushchin@linux.dev>
+Cc: "Uladzislau Rezki (Sony)" <urezki@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ mm/vmalloc.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/mm/vmalloc.c b/mm/vmalloc.c
+index a0b650f50faa..7c6694514606 100644
+--- a/mm/vmalloc.c
++++ b/mm/vmalloc.c
+@@ -2709,7 +2709,8 @@ static void __vunmap(const void *addr, int deallocate_pages)
+ struct page *page = area->pages[i];
+
+ BUG_ON(!page);
+- mod_memcg_page_state(page, MEMCG_VMALLOC, -1);
++ if (!(area->flags & VM_MAP_PUT_PAGES))
++ mod_memcg_page_state(page, MEMCG_VMALLOC, -1);
+ /*
+ * High-order allocs for huge vmallocs are split, so
+ * can be freed as an array of order-0 allocations
+@@ -2717,7 +2718,8 @@ static void __vunmap(const void *addr, int deallocate_pages)
+ __free_pages(page, 0);
+ cond_resched();
+ }
+- atomic_long_sub(area->nr_pages, &nr_vmalloc_pages);
++ if (!(area->flags & VM_MAP_PUT_PAGES))
++ atomic_long_sub(area->nr_pages, &nr_vmalloc_pages);
+
+ kvfree(area->pages);
+ }
+--
+2.39.5
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
