From: Sasha Levin Date: Tue, 10 Sep 2024 00:36:21 +0000 (-0400) Subject: Fixes for 5.10 X-Git-Tag: v4.19.322~36 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=76620056df6bfbd53f7de97665a0c987e49bc808;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.10 Signed-off-by: Sasha Levin --- diff --git a/queue-5.10/acpi-processor-fix-memory-leaks-in-error-paths-of-pr.patch b/queue-5.10/acpi-processor-fix-memory-leaks-in-error-paths-of-pr.patch new file mode 100644 index 00000000000..45772e71768 --- /dev/null +++ b/queue-5.10/acpi-processor-fix-memory-leaks-in-error-paths-of-pr.patch 
@@ -0,0 +1,83 @@ +From 91d3f69a438b77744c91de4d4d61b9fd037c6309 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 29 May 2024 14:34:32 +0100 +Subject: ACPI: processor: Fix memory leaks in error paths of processor_add() + +From: Jonathan Cameron + +[ Upstream commit 47ec9b417ed9b6b8ec2a941cd84d9de62adc358a ] + +If acpi_processor_get_info() returned an error, pr and the associated +pr->throttling.shared_cpu_map were leaked. + +The unwind code was in the wrong order wrt to setup, relying on +some unwind actions having no affect (clearing variables that were +never set etc). That makes it harder to reason about so reorder +and add appropriate labels to only undo what was actually set up +in the first place. + +Acked-by: Rafael J. Wysocki +Reviewed-by: Gavin Shan +Signed-off-by: Jonathan Cameron +Link: https://lore.kernel.org/r/20240529133446.28446-6-Jonathan.Cameron@huawei.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + drivers/acpi/acpi_processor.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/drivers/acpi/acpi_processor.c b/drivers/acpi/acpi_processor.c +index 9702c1bc5f80..707b2c37e5ee 100644 +--- a/drivers/acpi/acpi_processor.c ++++ b/drivers/acpi/acpi_processor.c +@@ -387,7 +387,7 @@ static int acpi_processor_add(struct acpi_device *device, + + result = acpi_processor_get_info(device); + if (result) /* Processor is not physically present or unavailable */ +- return result; ++ goto err_clear_driver_data; + + BUG_ON(pr->id >= nr_cpu_ids); + +@@ -402,7 +402,7 @@ static int acpi_processor_add(struct acpi_device *device, + "BIOS reported wrong ACPI id %d for the processor\n", + pr->id); + /* Give up, but do not abort the namespace scan. 
*/ +- goto err; ++ goto err_clear_driver_data; + } + /* + * processor_device_array is not cleared on errors to allow buggy BIOS +@@ -414,12 +414,12 @@ static int acpi_processor_add(struct acpi_device *device, + dev = get_cpu_device(pr->id); + if (!dev) { + result = -ENODEV; +- goto err; ++ goto err_clear_per_cpu; + } + + result = acpi_bind_one(dev, device); + if (result) +- goto err; ++ goto err_clear_per_cpu; + + pr->dev = dev; + +@@ -430,10 +430,11 @@ static int acpi_processor_add(struct acpi_device *device, + dev_err(dev, "Processor driver could not be attached\n"); + acpi_unbind_one(dev); + +- err: +- free_cpumask_var(pr->throttling.shared_cpu_map); +- device->driver_data = NULL; ++ err_clear_per_cpu: + per_cpu(processors, pr->id) = NULL; ++ err_clear_driver_data: ++ device->driver_data = NULL; ++ free_cpumask_var(pr->throttling.shared_cpu_map); + err_free_pr: + kfree(pr); + return result; +-- +2.43.0 + diff --git a/queue-5.10/acpi-processor-return-an-error-if-acpi_processor_get.patch b/queue-5.10/acpi-processor-return-an-error-if-acpi_processor_get.patch new file mode 100644 index 00000000000..d45f81d5002 --- /dev/null +++ b/queue-5.10/acpi-processor-return-an-error-if-acpi_processor_get.patch 
@@ -0,0 +1,44 @@ +From 3b2c4d77280cd6da79b497ac1a4a6bfe6b2b58a5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 29 May 2024 14:34:31 +0100 +Subject: ACPI: processor: Return an error if acpi_processor_get_info() fails + in processor_add() + +From: Jonathan Cameron + +[ Upstream commit fadf231f0a06a6748a7fc4a2c29ac9ef7bca6bfd ] + +Rafael observed [1] that returning 0 from processor_add() will result in +acpi_default_enumeration() being called which will attempt to create a +platform device, but that makes little sense when the processor is known +to be not available. So just return the error code from acpi_processor_get_info() +instead. + +Link: https://lore.kernel.org/all/CAJZ5v0iKU8ra9jR+EmgxbuNm=Uwx2m1-8vn_RAZ+aCiUVLe3Pw@mail.gmail.com/ [1] +Suggested-by: Rafael J. Wysocki +Acked-by: Rafael J. Wysocki +Reviewed-by: Gavin Shan +Signed-off-by: Jonathan Cameron +Link: https://lore.kernel.org/r/20240529133446.28446-5-Jonathan.Cameron@huawei.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + drivers/acpi/acpi_processor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/acpi/acpi_processor.c b/drivers/acpi/acpi_processor.c +index 2ee5e05a0d69..9702c1bc5f80 100644 +--- a/drivers/acpi/acpi_processor.c ++++ b/drivers/acpi/acpi_processor.c +@@ -387,7 +387,7 @@ static int acpi_processor_add(struct acpi_device *device, + + result = acpi_processor_get_info(device); + if (result) /* Processor is not physically present or unavailable */ +- return 0; ++ return result; + + BUG_ON(pr->id >= nr_cpu_ids); + +-- +2.43.0 + diff --git a/queue-5.10/arm64-acpi-harden-get_cpu_for_acpi_id-against-missin.patch b/queue-5.10/arm64-acpi-harden-get_cpu_for_acpi_id-against-missin.patch new file mode 100644 index 00000000000..2ddb3fdeffc --- /dev/null +++ b/queue-5.10/arm64-acpi-harden-get_cpu_for_acpi_id-against-missin.patch 
@@ -0,0 +1,46 @@ +From 52e2b580f8ed14499c596c5ef1625d72a8c2e404 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 29 May 2024 14:34:39 +0100 +Subject: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry + +From: Jonathan Cameron + +[ Upstream commit 2488444274c70038eb6b686cba5f1ce48ebb9cdd ] + +In a review discussion of the changes to support vCPU hotplug where +a check was added on the GICC being enabled if was online, it was +noted that there is need to map back to the cpu and use that to index +into a cpumask. As such, a valid ID is needed. + +If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible +for the entry in cpu_madt_gicc[cpu] == NULL. This function would +then cause a NULL pointer dereference. Whilst a path to trigger +this has not been established, harden this caller against the +possibility. + +Reviewed-by: Gavin Shan +Signed-off-by: Jonathan Cameron +Link: https://lore.kernel.org/r/20240529133446.28446-13-Jonathan.Cameron@huawei.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/include/asm/acpi.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/include/asm/acpi.h b/arch/arm64/include/asm/acpi.h +index 0d1da93a5bad..702587fda70c 100644 +--- a/arch/arm64/include/asm/acpi.h ++++ b/arch/arm64/include/asm/acpi.h +@@ -102,7 +102,8 @@ static inline int get_cpu_for_acpi_id(u32 uid) + int cpu; + + for (cpu = 0; cpu < nr_cpu_ids; cpu++) +- if (uid == get_acpi_id_for_cpu(cpu)) ++ if (acpi_cpu_get_madt_gicc(cpu) && ++ uid == get_acpi_id_for_cpu(cpu)) + return cpu; + + return -EINVAL; +-- +2.43.0 + diff --git a/queue-5.10/arm64-acpi-move-get_cpu_for_acpi_id-to-a-header.patch b/queue-5.10/arm64-acpi-move-get_cpu_for_acpi_id-to-a-header.patch new file mode 100644 index 00000000000..87a9a603648 --- /dev/null +++ b/queue-5.10/arm64-acpi-move-get_cpu_for_acpi_id-to-a-header.patch 
@@ -0,0 +1,82 @@ +From a9262962d5e1d073f963e86e43bc9b44db41dc73 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 29 May 2024 14:34:38 +0100 +Subject: arm64: acpi: Move get_cpu_for_acpi_id() to a header + +From: James Morse + +[ Upstream commit 8d34b6f17b9ac93faa2791eb037dcb08bdf755de ] + +ACPI identifies CPUs by UID. get_cpu_for_acpi_id() maps the ACPI UID +to the Linux CPU number. + +The helper to retrieve this mapping is only available in arm64's NUMA +code. + +Move it to live next to get_acpi_id_for_cpu(). + +Signed-off-by: James Morse +Reviewed-by: Jonathan Cameron +Reviewed-by: Gavin Shan +Tested-by: Miguel Luis +Tested-by: Vishnu Pajjuri +Tested-by: Jianyong Wu +Signed-off-by: Russell King (Oracle) +Acked-by: Hanjun Guo +Signed-off-by: Jonathan Cameron +Reviewed-by: Lorenzo Pieralisi +Link: https://lore.kernel.org/r/20240529133446.28446-12-Jonathan.Cameron@huawei.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/include/asm/acpi.h | 11 +++++++++++ + arch/arm64/kernel/acpi_numa.c | 11 ----------- + 2 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/arch/arm64/include/asm/acpi.h b/arch/arm64/include/asm/acpi.h +index bd68e1b7f29f..0d1da93a5bad 100644 +--- a/arch/arm64/include/asm/acpi.h ++++ b/arch/arm64/include/asm/acpi.h +@@ -97,6 +97,17 @@ static inline u32 get_acpi_id_for_cpu(unsigned int cpu) + return acpi_cpu_get_madt_gicc(cpu)->uid; + } + ++static inline int get_cpu_for_acpi_id(u32 uid) ++{ ++ int cpu; ++ ++ for (cpu = 0; cpu < nr_cpu_ids; cpu++) ++ if (uid == get_acpi_id_for_cpu(cpu)) ++ return cpu; ++ ++ return -EINVAL; ++} ++ + static inline void arch_fix_phys_package_id(int num, u32 slot) { } + void __init acpi_init_cpus(void); + int apei_claim_sea(struct pt_regs *regs); +diff --git a/arch/arm64/kernel/acpi_numa.c b/arch/arm64/kernel/acpi_numa.c +index 048b75cadd2f..c5feac18c238 100644 +--- a/arch/arm64/kernel/acpi_numa.c ++++ b/arch/arm64/kernel/acpi_numa.c +@@ -34,17 +34,6 @@ int __init 
acpi_numa_get_nid(unsigned int cpu) + return acpi_early_node_map[cpu]; + } + +-static inline int get_cpu_for_acpi_id(u32 uid) +-{ +- int cpu; +- +- for (cpu = 0; cpu < nr_cpu_ids; cpu++) +- if (uid == get_acpi_id_for_cpu(cpu)) +- return cpu; +- +- return -EINVAL; +-} +- + static int __init acpi_parse_gicc_pxm(union acpi_subtable_headers *header, + const unsigned long end) + { +-- +2.43.0 + diff --git a/queue-5.10/drm-i915-fence-mark-debug_fence_free-with-__maybe_un.patch b/queue-5.10/drm-i915-fence-mark-debug_fence_free-with-__maybe_un.patch new file mode 100644 index 00000000000..41d27682e15 --- /dev/null +++ b/queue-5.10/drm-i915-fence-mark-debug_fence_free-with-__maybe_un.patch 
@@ -0,0 +1,59 @@ +From 12991072a4be9698eb51f9dadf5ce9a618477ae8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 29 Aug 2024 18:58:38 +0300 +Subject: drm/i915/fence: Mark debug_fence_free() with __maybe_unused + +From: Andy Shevchenko + +[ Upstream commit f99999536128b14b5d765a9982763b5134efdd79 ] + +When debug_fence_free() is unused +(CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS=n), it prevents kernel builds +with clang, `make W=1` and CONFIG_WERROR=y: + +.../i915_sw_fence.c:118:20: error: unused function 'debug_fence_free' [-Werror,-Wunused-function] + 118 | static inline void debug_fence_free(struct i915_sw_fence *fence) + | ^~~~~~~~~~~~~~~~ + +Fix this by marking debug_fence_free() with __maybe_unused. + +See also commit 6863f5643dd7 ("kbuild: allow Clang to find unused static +inline functions for W=1 build"). + +Fixes: fc1584059d6c ("drm/i915: Integrate i915_sw_fence with debugobjects") +Signed-off-by: Andy Shevchenko +Reviewed-by: Jani Nikula +Link: https://patchwork.freedesktop.org/patch/msgid/20240829155950.1141978-3-andriy.shevchenko@linux.intel.com +Signed-off-by: Jani Nikula +(cherry picked from commit 8be4dce5ea6f2368cc25edc71989c4690fa66964) +Signed-off-by: Joonas Lahtinen +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/i915/i915_sw_fence.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/i915/i915_sw_fence.c b/drivers/gpu/drm/i915/i915_sw_fence.c +index 1c4498c29f25..136a7163477d 100644 +--- a/drivers/gpu/drm/i915/i915_sw_fence.c ++++ b/drivers/gpu/drm/i915/i915_sw_fence.c +@@ -70,7 +70,7 @@ static inline void debug_fence_destroy(struct i915_sw_fence *fence) + debug_object_destroy(fence, &i915_sw_fence_debug_descr); + } + +-static inline void debug_fence_free(struct i915_sw_fence *fence) ++static inline __maybe_unused void debug_fence_free(struct i915_sw_fence *fence) + { + debug_object_free(fence, &i915_sw_fence_debug_descr); + smp_wmb(); /* flush the change in state before reallocation */ +@@ -108,7 
+108,7 @@ static inline void debug_fence_destroy(struct i915_sw_fence *fence) + { + } + +-static inline void debug_fence_free(struct i915_sw_fence *fence) ++static inline __maybe_unused void debug_fence_free(struct i915_sw_fence *fence) + { + } + +-- +2.43.0 + diff --git a/queue-5.10/drm-i915-fence-mark-debug_fence_init_onstack-with-__.patch b/queue-5.10/drm-i915-fence-mark-debug_fence_init_onstack-with-__.patch new file mode 100644 index 00000000000..038fba0e0ca --- /dev/null +++ b/queue-5.10/drm-i915-fence-mark-debug_fence_init_onstack-with-__.patch 
@@ -0,0 +1,58 @@ +From f70131ccede9f59a965248a76c0fdb88f53a0b55 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 29 Aug 2024 18:58:37 +0300 +Subject: drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused + +From: Andy Shevchenko + +[ Upstream commit fcd9e8afd546f6ced378d078345a89bf346d065e ] + +When debug_fence_init_onstack() is unused (CONFIG_DRM_I915_SELFTEST=n), +it prevents kernel builds with clang, `make W=1` and CONFIG_WERROR=y: + +.../i915_sw_fence.c:97:20: error: unused function 'debug_fence_init_onstack' [-Werror,-Wunused-function] + 97 | static inline void debug_fence_init_onstack(struct i915_sw_fence *fence) + | ^~~~~~~~~~~~~~~~~~~~~~~~ + +Fix this by marking debug_fence_init_onstack() with __maybe_unused. + +See also commit 6863f5643dd7 ("kbuild: allow Clang to find unused static +inline functions for W=1 build"). + +Fixes: 214707fc2ce0 ("drm/i915/selftests: Wrap a timer into a i915_sw_fence") +Signed-off-by: Andy Shevchenko +Reviewed-by: Jani Nikula +Link: https://patchwork.freedesktop.org/patch/msgid/20240829155950.1141978-2-andriy.shevchenko@linux.intel.com +Signed-off-by: Jani Nikula +(cherry picked from commit 5bf472058ffb43baf6a4cdfe1d7f58c4c194c688) +Signed-off-by: Joonas Lahtinen +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/i915/i915_sw_fence.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/i915/i915_sw_fence.c b/drivers/gpu/drm/i915/i915_sw_fence.c +index 038d4c6884c5..1c4498c29f25 100644 +--- a/drivers/gpu/drm/i915/i915_sw_fence.c ++++ b/drivers/gpu/drm/i915/i915_sw_fence.c +@@ -44,7 +44,7 @@ static inline void debug_fence_init(struct i915_sw_fence *fence) + debug_object_init(fence, &i915_sw_fence_debug_descr); + } + +-static inline void debug_fence_init_onstack(struct i915_sw_fence *fence) ++static inline __maybe_unused void debug_fence_init_onstack(struct i915_sw_fence *fence) + { + debug_object_init_on_stack(fence, &i915_sw_fence_debug_descr); + } +@@ -87,7 +87,7 @@ 
static inline void debug_fence_init(struct i915_sw_fence *fence) + { + } + +-static inline void debug_fence_init_onstack(struct i915_sw_fence *fence) ++static inline __maybe_unused void debug_fence_init_onstack(struct i915_sw_fence *fence) + { + } + +-- +2.43.0 + diff --git a/queue-5.10/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch b/queue-5.10/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch new file mode 100644 index 00000000000..96cbc1c8bee --- /dev/null +++ b/queue-5.10/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch @@ -0,0 +1,48 @@ +From 0a45a72e42c9008b8bd05af068daff483d2d6e1e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 21 Aug 2024 16:28:26 +0200 +Subject: nvmet-tcp: fix kernel crash if commands allocation fails + +From: Maurizio Lombardi + +[ Upstream commit 5572a55a6f830ee3f3a994b6b962a5c327d28cb3 ] + +If the commands allocation fails in nvmet_tcp_alloc_cmds() +the kernel crashes in nvmet_tcp_release_queue_work() because of +a NULL pointer dereference. + + nvmet: failed to install queue 0 cntlid 1 ret 6 + Unable to handle kernel NULL pointer dereference at + virtual address 0000000000000008 + +Fix the bug by setting queue->nr_cmds to zero in case +nvmet_tcp_alloc_cmd() fails. + +Fixes: 872d26a391da ("nvmet-tcp: add NVMe over TCP target driver") +Signed-off-by: Maurizio Lombardi +Reviewed-by: Christoph Hellwig +Signed-off-by: Keith Busch +Signed-off-by: Sasha Levin +--- + drivers/nvme/target/tcp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c +index e493fc709065..5655f6d81cc0 100644 +--- a/drivers/nvme/target/tcp.c ++++ b/drivers/nvme/target/tcp.c +@@ -1787,8 +1787,10 @@ static u16 nvmet_tcp_install_queue(struct nvmet_sq *sq) + } + + queue->nr_cmds = sq->size * 2; +- if (nvmet_tcp_alloc_cmds(queue)) ++ if (nvmet_tcp_alloc_cmds(queue)) { ++ queue->nr_cmds = 0; + return NVME_SC_INTERNAL; ++ } + return 0; + } + +-- +2.43.0 + 
diff --git a/queue-5.10/series b/queue-5.10/series index fb5dc7146ce..d16744edb19 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -173,3 +173,10 @@ uprobes-use-kzalloc-to-allocate-xol-area.patch perf-aux-fix-aux-buffer-serialization.patch nilfs2-replace-snprintf-in-show-functions-with-sysfs.patch nilfs2-protect-references-to-superblock-parameters-e.patch +acpi-processor-return-an-error-if-acpi_processor_get.patch +acpi-processor-fix-memory-leaks-in-error-paths-of-pr.patch +arm64-acpi-move-get_cpu_for_acpi_id-to-a-header.patch +arm64-acpi-harden-get_cpu_for_acpi_id-against-missin.patch +nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch +drm-i915-fence-mark-debug_fence_init_onstack-with-__.patch +drm-i915-fence-mark-debug_fence_free-with-__maybe_un.patch
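Review bot: in acpi-processor-fix-memory-leaks-in-error-paths-of-pr.patch, the "BIOS reported wrong ACPI id" branch (hunk at -402) now jumps to err_clear_driver_data and returns whatever result holds, while the comment next to it says "Give up, but do not abort the namespace scan". Nothing in the hunk assigns result on that branch, so the intended return value depends on result still being 0 after the earlier acpi_processor_get_info() check. An explicit assignment or a one-line comment before the goto would make that visible. The reordered labels themselves read correctly as the reverse of setup: per_cpu(processors, pr->id) is cleared only on the paths that jump to err_clear_per_cpu, and free_cpumask_var() now runs before kfree(pr) on every path that reaches err_clear_driver_data.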
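Review bot: in acpi-processor-return-an-error-if-acpi_processor_get.patch, the changed line "return result;" still leaves acpi_processor_add() without any unwind, and the following patch's message states that pr and pr->throttling.shared_cpu_map are leaked when acpi_processor_get_info() fails. The two patches therefore have to stay adjacent and in this order in queue-5.10/series; they are, and the index lines chain through 9702c1bc5f80, but the queue commit message ("Fixes for 5.10") does not record the dependency, so one could be dropped without the other. Because the return value changes from 0 to an error for a processor that is "not physically present or unavailable", please also confirm that the 5.10 caller treats a negative return here as skipping this device rather than stopping the scan.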
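Review bot: in arm64-acpi-harden-get_cpu_for_acpi_id-against-missin.patch, the NULL check is added only in get_cpu_for_acpi_id(), while get_acpi_id_for_cpu() directly above it (visible in the context of the move patch as "return acpi_cpu_get_madt_gicc(cpu)->uid;") still dereferences the same pointer unchecked. Any other caller of get_acpi_id_for_cpu() keeps the NULL dereference the message describes, so either the check belongs in that helper or a comment should say that callers must validate the CPU first. As a style point, the condition now spans two lines under an unbraced for loop; braces around the loop body would make the nesting of the if and the return easier to read.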
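Review bot: in arm64-acpi-move-get_cpu_for_acpi_id-to-a-header.patch, the function added to arch/arm64/include/asm/acpi.h uses nr_cpu_ids and -EINVAL, but the hunk adds no #include, so the header depends on whatever it or its includers already pull in. Please check that every 5.10 file including asm/acpi.h still builds, or add the includes explicitly. The moved function also has no comment; a single line stating that it returns the Linux CPU number for an ACPI UID, or -EINVAL when no CPU matches, would help callers that use the result as an index.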
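Review bot: in the two drm/i915/fence patches, each changed declaration, for example "static inline __maybe_unused void debug_fence_init_onstack(struct i915_sw_fence *fence)", now runs well past 80 columns; putting the return type and attributes on their own line would keep the four definitions readable. Both messages describe a build failure that appears only with clang, make W=1 and CONFIG_WERROR=y, and the hunks change no generated code, so it is worth stating in the queue commit why a warning-only fix is wanted in 5.10.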
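Review bot: in nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch, the fix in nvmet_tcp_install_queue() relies on an unstated contract that queue->nr_cmds == 0 means there is nothing for nvmet_tcp_release_queue_work() to free. The hunk sets nr_cmds to sq->size * 2 before the allocation and resets it after a failure, which leaves a window where the count is non-zero with no commands behind it. If nvmet_tcp_alloc_cmds() does not need to read queue->nr_cmds, assigning it only after the allocation succeeds would be simpler; otherwise a short comment on the "queue->nr_cmds = 0;" line naming the release path would explain why it is there. Note also that the message refers to nvmet_tcp_alloc_cmd() failing, while the call in the hunk is nvmet_tcp_alloc_cmds().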