From: Greg Kroah-Hartman Date: Thu, 17 Apr 2025 13:36:00 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v6.12.24~50 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6a2ea54a6d7b756a9f9a5f0072f1c1a4432ed2fb;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: crypto-ccp-fix-check-for-the-primary-asp-device.patch dm-integrity-set-ti-error-on-memory-allocation-failure.patch ftrace-add-cond_resched-to-ftrace_graph_set_hash.patch gpio-zynq-fix-wakeup-source-leaks-on-device-unbind.patch kvm-x86-acquire-srcu-in-kvm_get_mp_state-to-protect-guest-memory-accesses.patch thermal-drivers-rockchip-add-missing-rk3328-mapping-entry.patch --- diff --git a/queue-5.15/crypto-ccp-fix-check-for-the-primary-asp-device.patch b/queue-5.15/crypto-ccp-fix-check-for-the-primary-asp-device.patch new file mode 100644 index 0000000000..d9de13e05a --- /dev/null +++ b/queue-5.15/crypto-ccp-fix-check-for-the-primary-asp-device.patch @@ -0,0 +1,54 @@ +From 07bb097b92b987db518e72525b515d77904e966e Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Fri, 17 Jan 2025 17:05:47 -0600 +Subject: crypto: ccp - Fix check for the primary ASP device + +From: Tom Lendacky + +commit 07bb097b92b987db518e72525b515d77904e966e upstream. + +Currently, the ASP primary device check does not have support for PCI +domains, and, as a result, when the system is configured with PCI domains +(PCI segments) the wrong device can be selected as primary. This results +in commands submitted to the device timing out and failing. The device +check also relies on specific device and function assignments that may +not hold in the future. + +Fix the primary ASP device check to include support for PCI domains and +to perform proper checking of the Bus/Device/Function positions. + +Fixes: 2a6170dfe755 ("crypto: ccp: Add Platform Security Processor (PSP) device support") +Cc: stable@vger.kernel.org +Signed-off-by: Tom Lendacky +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/ccp/sp-pci.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +--- a/drivers/crypto/ccp/sp-pci.c ++++ b/drivers/crypto/ccp/sp-pci.c +@@ -118,14 +118,17 @@ static bool sp_pci_is_master(struct sp_d + pdev_new = to_pci_dev(dev_new); + pdev_cur = to_pci_dev(dev_cur); + +- if (pdev_new->bus->number < pdev_cur->bus->number) +- return true; ++ if (pci_domain_nr(pdev_new->bus) != pci_domain_nr(pdev_cur->bus)) ++ return pci_domain_nr(pdev_new->bus) < pci_domain_nr(pdev_cur->bus); + +- if (PCI_SLOT(pdev_new->devfn) < PCI_SLOT(pdev_cur->devfn)) +- return true; ++ if (pdev_new->bus->number != pdev_cur->bus->number) ++ return pdev_new->bus->number < pdev_cur->bus->number; + +- if (PCI_FUNC(pdev_new->devfn) < PCI_FUNC(pdev_cur->devfn)) +- return true; ++ if (PCI_SLOT(pdev_new->devfn) != PCI_SLOT(pdev_cur->devfn)) ++ return PCI_SLOT(pdev_new->devfn) < PCI_SLOT(pdev_cur->devfn); ++ ++ if (PCI_FUNC(pdev_new->devfn) != PCI_FUNC(pdev_cur->devfn)) ++ return PCI_FUNC(pdev_new->devfn) < PCI_FUNC(pdev_cur->devfn); + + return false; + } diff --git a/queue-5.15/dm-integrity-set-ti-error-on-memory-allocation-failure.patch b/queue-5.15/dm-integrity-set-ti-error-on-memory-allocation-failure.patch new file mode 100644 index 0000000000..cbd8d6537e --- /dev/null +++ b/queue-5.15/dm-integrity-set-ti-error-on-memory-allocation-failure.patch @@ -0,0 +1,41 @@ +From 00204ae3d6712ee053353920e3ce2b00c35ef75b Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Mon, 10 Feb 2025 16:14:22 +0100 +Subject: dm-integrity: set ti->error on memory allocation failure + +From: Mikulas Patocka + +commit 00204ae3d6712ee053353920e3ce2b00c35ef75b upstream. + +The dm-integrity target didn't set the error string when memory +allocation failed. This patch fixes it. + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-integrity.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -4454,16 +4454,19 @@ try_smaller_buffer: + + ic->recalc_bitmap = dm_integrity_alloc_page_list(n_bitmap_pages); + if (!ic->recalc_bitmap) { ++ ti->error = "Could not allocate memory for bitmap"; + r = -ENOMEM; + goto bad; + } + ic->may_write_bitmap = dm_integrity_alloc_page_list(n_bitmap_pages); + if (!ic->may_write_bitmap) { ++ ti->error = "Could not allocate memory for bitmap"; + r = -ENOMEM; + goto bad; + } + ic->bbs = kvmalloc_array(ic->n_bitmap_blocks, sizeof(struct bitmap_block_status), GFP_KERNEL); + if (!ic->bbs) { ++ ti->error = "Could not allocate memory for bitmap"; + r = -ENOMEM; + goto bad; + } diff --git a/queue-5.15/ftrace-add-cond_resched-to-ftrace_graph_set_hash.patch b/queue-5.15/ftrace-add-cond_resched-to-ftrace_graph_set_hash.patch new file mode 100644 index 0000000000..5ec58b17f3 --- /dev/null +++ b/queue-5.15/ftrace-add-cond_resched-to-ftrace_graph_set_hash.patch @@ -0,0 +1,39 @@ +From 42ea22e754ba4f2b86f8760ca27f6f71da2d982c Mon Sep 17 00:00:00 2001 +From: zhoumin +Date: Tue, 1 Apr 2025 01:00:34 +0800 +Subject: ftrace: Add cond_resched() to ftrace_graph_set_hash() + +From: zhoumin + +commit 42ea22e754ba4f2b86f8760ca27f6f71da2d982c upstream. + +When the kernel contains a large number of functions that can be traced, +the loop in ftrace_graph_set_hash() may take a lot of time to execute. +This may trigger the softlockup watchdog. + +Add cond_resched() within the loop to allow the kernel to remain +responsive even when processing a large number of functions. + +This matches the cond_resched() that is used in other locations of the +code that iterates over all functions that can be traced. + +Cc: stable@vger.kernel.org +Fixes: b9b0c831bed26 ("ftrace: Convert graph filter to use hash tables") +Link: https://lore.kernel.org/tencent_3E06CE338692017B5809534B9C5C03DA7705@qq.com +Signed-off-by: zhoumin +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/ftrace.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/kernel/trace/ftrace.c ++++ b/kernel/trace/ftrace.c +@@ -6090,6 +6090,7 @@ ftrace_graph_set_hash(struct ftrace_hash + } + } + } ++ cond_resched(); + } while_for_each_ftrace_rec(); + out: + mutex_unlock(&ftrace_lock); diff --git a/queue-5.15/gpio-zynq-fix-wakeup-source-leaks-on-device-unbind.patch b/queue-5.15/gpio-zynq-fix-wakeup-source-leaks-on-device-unbind.patch new file mode 100644 index 0000000000..3ef47c0abf --- /dev/null +++ b/queue-5.15/gpio-zynq-fix-wakeup-source-leaks-on-device-unbind.patch @@ -0,0 +1,31 @@ +From c5672e310ad971d408752fce7596ed27adc6008f Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Sun, 6 Apr 2025 22:22:45 +0200 +Subject: gpio: zynq: Fix wakeup source leaks on device unbind + +From: Krzysztof Kozlowski + +commit c5672e310ad971d408752fce7596ed27adc6008f upstream. + +Device can be unbound, so driver must also release memory for the wakeup +source. + +Cc: stable@vger.kernel.org +Signed-off-by: Krzysztof Kozlowski +Link: https://lore.kernel.org/r/20250406202245.53854-2-krzysztof.kozlowski@linaro.org +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpio/gpio-zynq.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/gpio/gpio-zynq.c ++++ b/drivers/gpio/gpio-zynq.c +@@ -1012,6 +1012,7 @@ static int zynq_gpio_remove(struct platf + ret = pm_runtime_get_sync(&pdev->dev); + if (ret < 0) + dev_warn(&pdev->dev, "pm_runtime_get_sync() Failed\n"); ++ device_init_wakeup(&pdev->dev, 0); + gpiochip_remove(&gpio->chip); + clk_disable_unprepare(gpio->clk); + device_set_wakeup_capable(&pdev->dev, 0); diff --git a/queue-5.15/kvm-x86-acquire-srcu-in-kvm_get_mp_state-to-protect-guest-memory-accesses.patch b/queue-5.15/kvm-x86-acquire-srcu-in-kvm_get_mp_state-to-protect-guest-memory-accesses.patch new file mode 100644 index 0000000000..979ec11f49 --- /dev/null +++ b/queue-5.15/kvm-x86-acquire-srcu-in-kvm_get_mp_state-to-protect-guest-memory-accesses.patch @@ -0,0 +1,82 @@ +From ef01cac401f18647d62720cf773d7bb0541827da Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Tue, 1 Apr 2025 08:05:04 -0700 +Subject: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses + +From: Sean Christopherson + +commit ef01cac401f18647d62720cf773d7bb0541827da upstream. + +Acquire a lock on kvm->srcu when userspace is getting MP state to handle a +rather extreme edge case where "accepting" APIC events, i.e. processing +pending INIT or SIPI, can trigger accesses to guest memory. If the vCPU +is in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP +state will trigger a nested VM-Exit by way of ->check_nested_events(), and +emuating the nested VM-Exit can access guest memory. + +The splat was originally hit by syzkaller on a Google-internal kernel, and +reproduced on an upstream kernel by hacking the triple_fault_event_test +selftest to stuff a pending INIT, store an MSR on VM-Exit (to generate a +memory access on VMX), and do vcpu_mp_state_get() to trigger the scenario. + + ============================= + WARNING: suspicious RCU usage + 6.14.0-rc3-b112d356288b-vmx/pi_lockdep_false_pos-lock #3 Not tainted + ----------------------------- + include/linux/kvm_host.h:1058 suspicious rcu_dereference_check() usage! + + other info that might help us debug this: + + rcu_scheduler_active = 2, debug_locks = 1 + 1 lock held by triple_fault_ev/1256: + #0: ffff88810df5a330 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x8b/0x9a0 [kvm] + + stack backtrace: + CPU: 11 UID: 1000 PID: 1256 Comm: triple_fault_ev Not tainted 6.14.0-rc3-b112d356288b-vmx #3 + Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 + Call Trace: + + dump_stack_lvl+0x7f/0x90 + lockdep_rcu_suspicious+0x144/0x190 + kvm_vcpu_gfn_to_memslot+0x156/0x180 [kvm] + kvm_vcpu_read_guest+0x3e/0x90 [kvm] + read_and_check_msr_entry+0x2e/0x180 [kvm_intel] + __nested_vmx_vmexit+0x550/0xde0 [kvm_intel] + kvm_check_nested_events+0x1b/0x30 [kvm] + kvm_apic_accept_events+0x33/0x100 [kvm] + kvm_arch_vcpu_ioctl_get_mpstate+0x30/0x1d0 [kvm] + kvm_vcpu_ioctl+0x33e/0x9a0 [kvm] + __x64_sys_ioctl+0x8b/0xb0 + do_syscall_64+0x6c/0x170 + entry_SYSCALL_64_after_hwframe+0x4b/0x53 + + +Cc: stable@vger.kernel.org +Signed-off-by: Sean Christopherson +Message-ID: <20250401150504.829812-1-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/x86.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -10579,6 +10579,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(stru + if (kvm_mpx_supported()) + kvm_load_guest_fpu(vcpu); + ++ kvm_vcpu_srcu_read_lock(vcpu); ++ + r = kvm_apic_accept_events(vcpu); + if (r < 0) + goto out; +@@ -10592,6 +10594,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(stru + mp_state->mp_state = vcpu->arch.mp_state; + + out: ++ kvm_vcpu_srcu_read_unlock(vcpu); ++ + if (kvm_mpx_supported()) + kvm_put_guest_fpu(vcpu); + vcpu_put(vcpu); diff --git a/queue-5.15/series b/queue-5.15/series index 4eb8e16727..7802f470c1 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -100,3 +100,9 @@ sparc-mm-disable-preemption-in-lazy-mmu-mode.patch mm-add-missing-release-barrier-on-pgdat_reclaim_locked-unlock.patch mm-hwpoison-do-not-send-sigbus-to-processes-with-recovered-clean-pages.patch sctp-detect-and-prevent-references-to-a-freed-transport-in-sendmsg.patch +thermal-drivers-rockchip-add-missing-rk3328-mapping-entry.patch +crypto-ccp-fix-check-for-the-primary-asp-device.patch +dm-integrity-set-ti-error-on-memory-allocation-failure.patch +ftrace-add-cond_resched-to-ftrace_graph_set_hash.patch +gpio-zynq-fix-wakeup-source-leaks-on-device-unbind.patch +kvm-x86-acquire-srcu-in-kvm_get_mp_state-to-protect-guest-memory-accesses.patch diff --git a/queue-5.15/thermal-drivers-rockchip-add-missing-rk3328-mapping-entry.patch b/queue-5.15/thermal-drivers-rockchip-add-missing-rk3328-mapping-entry.patch new file mode 100644 index 0000000000..ac1ef83815 --- /dev/null +++ b/queue-5.15/thermal-drivers-rockchip-add-missing-rk3328-mapping-entry.patch @@ -0,0 +1,61 @@ +From ee022e5cae052e0c67ca7c5fec0f2e7bc897c70e Mon Sep 17 00:00:00 2001 +From: Trevor Woerner +Date: Fri, 7 Feb 2025 12:50:47 -0500 +Subject: thermal/drivers/rockchip: Add missing rk3328 mapping entry + +From: Trevor Woerner + +commit ee022e5cae052e0c67ca7c5fec0f2e7bc897c70e upstream. + +The mapping table for the rk3328 is missing the entry for -25C which is +found in the TRM section 9.5.2 "Temperature-to-code mapping". + +NOTE: the kernel uses the tsadc_q_sel=1'b1 mode which is defined as: + 4096-. Whereas the table in the TRM gives the code + "3774" for -25C, the kernel uses 4096-3774=322. + +[Dragan Simic] : "After going through the RK3308 and RK3328 TRMs, as + well as through the downstream kernel code, it seems we may have + some troubles at our hands. Let me explain, please. + + To sum it up, part 1 of the RK3308 TRM v1.1 says on page 538 that + the equation for the output when tsadc_q_sel equals 1 is (4096 - + tsadc_q), while part 1 of the RK3328 TRM v1.2 says that the output + equation is (1024 - tsadc_q) in that case. + + The downstream kernel code, however, treats the RK3308 and RK3328 + tables and their values as being the same. It even mentions 1024 as + the "offset" value in a comment block for the rk_tsadcv3_control() + function, just like the upstream code does, which is obviously wrong + "offset" value when correlated with the table on page 544 of part 1 + of the RK3308 TRM v1.1. + + With all this in mind, it's obvious that more work is needed to make + it clear where's the actual mistake (it could be that the TRM is + wrong), which I'll volunteer for as part of the SoC binning project. + In the meantime, this patch looks fine as-is to me, by offering + what's a clear improvement to the current state of the upstream + code" + +Link: https://opensource.rock-chips.com/images/9/97/Rockchip_RK3328TRM_V1.1-Part1-20170321.pdf +Cc: stable@vger.kernel.org +Fixes: eda519d5f73e ("thermal: rockchip: Support the RK3328 SOC in thermal driver") +Signed-off-by: Trevor Woerner +Reviewed-by: Dragan Simic +Link: https://lore.kernel.org/r/20250207175048.35959-1-twoerner@gmail.com +Signed-off-by: Daniel Lezcano +Signed-off-by: Greg Kroah-Hartman +--- + drivers/thermal/rockchip_thermal.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/thermal/rockchip_thermal.c ++++ b/drivers/thermal/rockchip_thermal.c +@@ -373,6 +373,7 @@ static const struct tsadc_table rk3328_c + {296, -40000}, + {304, -35000}, + {313, -30000}, ++ {322, -25000}, + {331, -20000}, + {340, -15000}, + {349, -10000},