From: Greg Kroah-Hartman Date: Sat, 6 May 2023 06:52:03 +0000 (+0900) Subject: 6.2-stable patches X-Git-Tag: v5.15.111~115 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7906d3aa83aae90c13e00877a99a88d8c5aa1900;p=thirdparty%2Fkernel%2Fstable-queue.git 6.2-stable patches added patches: acpi-video-remove-acpi_backlight-video-quirk-for-lenovo-thinkpad-w530.patch drm-amd-pm-re-enable-the-gfx-imu-when-smu-resume.patch i2c-omap-fix-standard-mode-false-ack-readings.patch igc-read-before-write-to-srrctl-register.patch iommu-amd-fix-guest-virtual-apic-table-root-pointer-configuration-in-irte.patch ksmbd-call-rcu_barrier-in-ksmbd_server_exit.patch ksmbd-fix-deadlock-in-ksmbd_find_crypto_ctx.patch ksmbd-fix-memleak-in-session-setup.patch ksmbd-fix-null-pointer-dereference-in-smb2_get_info_filesystem.patch ksmbd-fix-racy-issue-under-cocurrent-smb2-tree-disconnect.patch ksmbd-not-allow-guest-user-on-multichannel.patch kvm-risc-v-retry-fault-if-vma_lookup-results-become-invalid.patch risc-v-align-sbi-probe-implementation-with-spec.patch riscv-mm-remove-redundant-parameter-of-create_fdt_early_page_table.patch tracing-fix-permissions-for-the-buffer_percent-file.patch --- diff --git a/queue-6.2/acpi-video-remove-acpi_backlight-video-quirk-for-lenovo-thinkpad-w530.patch b/queue-6.2/acpi-video-remove-acpi_backlight-video-quirk-for-lenovo-thinkpad-w530.patch new file mode 100644 index 00000000000..e86fa799825 --- /dev/null +++ b/queue-6.2/acpi-video-remove-acpi_backlight-video-quirk-for-lenovo-thinkpad-w530.patch @@ -0,0 +1,59 @@ +From 3db66620ea90b0fd4134b31eabfec16d7b07d7e3 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 28 Apr 2023 15:23:50 +0200 +Subject: ACPI: video: Remove acpi_backlight=video quirk for Lenovo ThinkPad W530 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Hans de Goede + +commit 3db66620ea90b0fd4134b31eabfec16d7b07d7e3 upstream. + +Remove the acpi_backlight=video quirk for Lenovo ThinkPad W530. + +This was intended to help users of the (unsupported) Nvidia binary driver, +but this has been reported to cause backlight control issues for users +who have the gfx configured in hybrid (dual-GPU) mode, so drop this. + +The Nvidia binary driver should call acpi_video_register_backlight() +when necessary and this has been reported to Nvidia. + +Until this is fixed Nvidia binary driver users can work around this by +passing "acpi_backlight=video" on the kernel commandline (with the latest +6.1.y or newer stable series, kernels < 6.1.y don't need this). + +Fixes: a5b2781dcab2 ("ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530") +Reported-by: Русев Путин +Link: https://lore.kernel.org/linux-acpi/CAK4BXn0ngZRmzx1bodAF8nmYj0PWdUXzPGHofRrsyZj8MBpcVA@mail.gmail.com/ +Cc: 6.1+ # 6.1+ +Signed-off-by: Hans de Goede +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman +--- + drivers/acpi/video_detect.c | 14 -------------- + 1 file changed, 14 deletions(-) + +--- a/drivers/acpi/video_detect.c ++++ b/drivers/acpi/video_detect.c +@@ -300,20 +300,6 @@ static const struct dmi_system_id video_ + }, + + /* +- * Older models with nvidia GPU which need acpi_video backlight +- * control and where the old nvidia binary driver series does not +- * call acpi_video_register_backlight(). +- */ +- { +- .callback = video_detect_force_video, +- /* ThinkPad W530 */ +- .matches = { +- DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), +- DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad W530"), +- }, +- }, +- +- /* + * These models have a working acpi_video backlight control, and using + * native backlight causes a regression where backlight does not work + * when userspace is not handling brightness key events. Disable diff --git a/queue-6.2/drm-amd-pm-re-enable-the-gfx-imu-when-smu-resume.patch b/queue-6.2/drm-amd-pm-re-enable-the-gfx-imu-when-smu-resume.patch new file mode 100644 index 00000000000..77a3b35d070 --- /dev/null +++ b/queue-6.2/drm-amd-pm-re-enable-the-gfx-imu-when-smu-resume.patch @@ -0,0 +1,91 @@ +From f7f28f268b861c29dd18086bb636abedf0ff59ff Mon Sep 17 00:00:00 2001 +From: Tim Huang +Date: Wed, 22 Mar 2023 14:39:16 +0800 +Subject: drm/amd/pm: re-enable the gfx imu when smu resume + +From: Tim Huang + +commit f7f28f268b861c29dd18086bb636abedf0ff59ff upstream. + +If the gfx imu is poweroff when suspend, then +it need to be re-enabled when resume. + +Signed-off-by: Tim Huang +Reviewed-by: Yifan Zhang +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 40 +++++++++++++++++++++--------- + 1 file changed, 28 insertions(+), 12 deletions(-) + +--- a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c ++++ b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c +@@ -161,10 +161,15 @@ int smu_get_dpm_freq_range(struct smu_co + + int smu_set_gfx_power_up_by_imu(struct smu_context *smu) + { +- if (!smu->ppt_funcs || !smu->ppt_funcs->set_gfx_power_up_by_imu) +- return -EOPNOTSUPP; ++ int ret = 0; ++ struct amdgpu_device *adev = smu->adev; + +- return smu->ppt_funcs->set_gfx_power_up_by_imu(smu); ++ if (smu->ppt_funcs->set_gfx_power_up_by_imu) { ++ ret = smu->ppt_funcs->set_gfx_power_up_by_imu(smu); ++ if (ret) ++ dev_err(adev->dev, "Failed to enable gfx imu!\n"); ++ } ++ return ret; + } + + static u32 smu_get_mclk(void *handle, bool low) +@@ -195,6 +200,19 @@ static u32 smu_get_sclk(void *handle, bo + return clk_freq * 100; + } + ++static int smu_set_gfx_imu_enable(struct smu_context *smu) ++{ ++ struct amdgpu_device *adev = smu->adev; ++ ++ if (adev->firmware.load_type != AMDGPU_FW_LOAD_PSP) ++ return 0; ++ ++ if (amdgpu_in_reset(smu->adev) || adev->in_s0ix) ++ return 0; ++ ++ return smu_set_gfx_power_up_by_imu(smu); ++} ++ + static int smu_dpm_set_vcn_enable(struct smu_context *smu, + bool enable) + { +@@ -1386,15 +1404,9 @@ static int smu_hw_init(void *handle) + } + + if (smu->is_apu) { +- if ((smu->ppt_funcs->set_gfx_power_up_by_imu) && +- likely(adev->firmware.load_type == AMDGPU_FW_LOAD_PSP)) { +- ret = smu->ppt_funcs->set_gfx_power_up_by_imu(smu); +- if (ret) { +- dev_err(adev->dev, "Failed to Enable gfx imu!\n"); +- return ret; +- } +- } +- ++ ret = smu_set_gfx_imu_enable(smu); ++ if (ret) ++ return ret; + smu_dpm_set_vcn_enable(smu, true); + smu_dpm_set_jpeg_enable(smu, true); + smu_set_gfx_cgpg(smu, true); +@@ -1671,6 +1683,10 @@ static int smu_resume(void *handle) + return ret; + } + ++ ret = smu_set_gfx_imu_enable(smu); ++ if (ret) ++ return ret; ++ + smu_set_gfx_cgpg(smu, true); + + smu->disable_uclk_switch = 0; diff --git a/queue-6.2/i2c-omap-fix-standard-mode-false-ack-readings.patch b/queue-6.2/i2c-omap-fix-standard-mode-false-ack-readings.patch new file mode 100644 index 00000000000..fb8ac377411 --- /dev/null +++ b/queue-6.2/i2c-omap-fix-standard-mode-false-ack-readings.patch @@ -0,0 +1,37 @@ +From c770657bd2611b077ec1e7b1fe6aa92f249399bd Mon Sep 17 00:00:00 2001 +From: Reid Tonking +Date: Wed, 26 Apr 2023 14:49:56 -0500 +Subject: i2c: omap: Fix standard mode false ACK readings + +From: Reid Tonking + +commit c770657bd2611b077ec1e7b1fe6aa92f249399bd upstream. + +Using standard mode, rare false ACK responses were appearing with +i2cdetect tool. This was happening due to NACK interrupt triggering +ISR thread before register access interrupt was ready. Removing the +NACK interrupt's ability to trigger ISR thread lets register access +ready interrupt do this instead. + +Cc: # v3.7+ +Fixes: 3b2f8f82dad7 ("i2c: omap: switch to threaded IRQ support") +Signed-off-by: Reid Tonking +Acked-by: Vignesh Raghavendra +Reviewed-by: Tony Lindgren +Signed-off-by: Wolfram Sang +Signed-off-by: Greg Kroah-Hartman +--- + drivers/i2c/busses/i2c-omap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/i2c/busses/i2c-omap.c ++++ b/drivers/i2c/busses/i2c-omap.c +@@ -1058,7 +1058,7 @@ omap_i2c_isr(int irq, void *dev_id) + u16 stat; + + stat = omap_i2c_read_reg(omap, OMAP_I2C_STAT_REG); +- mask = omap_i2c_read_reg(omap, OMAP_I2C_IE_REG); ++ mask = omap_i2c_read_reg(omap, OMAP_I2C_IE_REG) & ~OMAP_I2C_STAT_NACK; + + if (stat & mask) + ret = IRQ_WAKE_THREAD; diff --git a/queue-6.2/igc-read-before-write-to-srrctl-register.patch b/queue-6.2/igc-read-before-write-to-srrctl-register.patch new file mode 100644 index 00000000000..30aa9c5f67b --- /dev/null +++ b/queue-6.2/igc-read-before-write-to-srrctl-register.patch @@ -0,0 +1,89 @@ +From 3ce29c17dc847bf4245e16aad78a7617afa96297 Mon Sep 17 00:00:00 2001 +From: Song Yoong Siang +Date: Tue, 2 May 2023 08:48:06 -0700 +Subject: igc: read before write to SRRCTL register + +From: Song Yoong Siang + +commit 3ce29c17dc847bf4245e16aad78a7617afa96297 upstream. + +igc_configure_rx_ring() function will be called as part of XDP program +setup. If Rx hardware timestamp is enabled prio to XDP program setup, +this timestamp enablement will be overwritten when buffer size is +written into SRRCTL register. + +Thus, this commit read the register value before write to SRRCTL +register. This commit is tested by using xdp_hw_metadata bpf selftest +tool. The tool enables Rx hardware timestamp and then attach XDP program +to igc driver. It will display hardware timestamp of UDP packet with +port number 9092. Below are detail of test steps and results. + +Command on DUT: + sudo ./xdp_hw_metadata + +Command on Link Partner: + echo -n skb | nc -u -q1 9092 + +Result before this patch: + skb hwtstamp is not found! + +Result after this patch: + found skb hwtstamp = 1677800973.642836757 + +Optionally, read PHC to confirm the values obtained are almost the same: +Command: + sudo ./testptp -d /dev/ptp0 -g +Result: + clock time: 1677800973.913598978 or Fri Mar 3 07:49:33 2023 + +Fixes: fc9df2a0b520 ("igc: Enable RX via AF_XDP zero-copy") +Cc: # 5.14+ +Signed-off-by: Song Yoong Siang +Reviewed-by: Jacob Keller +Reviewed-by: Jesper Dangaard Brouer +Tested-by: Jesper Dangaard Brouer +Tested-by: Naama Meir +Signed-off-by: Tony Nguyen +Reviewed-by: Leon Romanovsky +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/igc/igc_base.h | 11 ++++++++--- + drivers/net/ethernet/intel/igc/igc_main.c | 7 +++++-- + 2 files changed, 13 insertions(+), 5 deletions(-) + +--- a/drivers/net/ethernet/intel/igc/igc_base.h ++++ b/drivers/net/ethernet/intel/igc/igc_base.h +@@ -85,8 +85,13 @@ union igc_adv_rx_desc { + #define IGC_RXDCTL_SWFLUSH 0x04000000 /* Receive Software Flush */ + + /* SRRCTL bit definitions */ +-#define IGC_SRRCTL_BSIZEPKT_SHIFT 10 /* Shift _right_ */ +-#define IGC_SRRCTL_BSIZEHDRSIZE_SHIFT 2 /* Shift _left_ */ +-#define IGC_SRRCTL_DESCTYPE_ADV_ONEBUF 0x02000000 ++#define IGC_SRRCTL_BSIZEPKT_MASK GENMASK(6, 0) ++#define IGC_SRRCTL_BSIZEPKT(x) FIELD_PREP(IGC_SRRCTL_BSIZEPKT_MASK, \ ++ (x) / 1024) /* in 1 KB resolution */ ++#define IGC_SRRCTL_BSIZEHDR_MASK GENMASK(13, 8) ++#define IGC_SRRCTL_BSIZEHDR(x) FIELD_PREP(IGC_SRRCTL_BSIZEHDR_MASK, \ ++ (x) / 64) /* in 64 bytes resolution */ ++#define IGC_SRRCTL_DESCTYPE_MASK GENMASK(27, 25) ++#define IGC_SRRCTL_DESCTYPE_ADV_ONEBUF FIELD_PREP(IGC_SRRCTL_DESCTYPE_MASK, 1) + + #endif /* _IGC_BASE_H */ +--- a/drivers/net/ethernet/intel/igc/igc_main.c ++++ b/drivers/net/ethernet/intel/igc/igc_main.c +@@ -641,8 +641,11 @@ static void igc_configure_rx_ring(struct + else + buf_size = IGC_RXBUFFER_2048; + +- srrctl = IGC_RX_HDR_LEN << IGC_SRRCTL_BSIZEHDRSIZE_SHIFT; +- srrctl |= buf_size >> IGC_SRRCTL_BSIZEPKT_SHIFT; ++ srrctl = rd32(IGC_SRRCTL(reg_idx)); ++ srrctl &= ~(IGC_SRRCTL_BSIZEPKT_MASK | IGC_SRRCTL_BSIZEHDR_MASK | ++ IGC_SRRCTL_DESCTYPE_MASK); ++ srrctl |= IGC_SRRCTL_BSIZEHDR(IGC_RX_HDR_LEN); ++ srrctl |= IGC_SRRCTL_BSIZEPKT(buf_size); + srrctl |= IGC_SRRCTL_DESCTYPE_ADV_ONEBUF; + + wr32(IGC_SRRCTL(reg_idx), srrctl); diff --git a/queue-6.2/iommu-amd-fix-guest-virtual-apic-table-root-pointer-configuration-in-irte.patch b/queue-6.2/iommu-amd-fix-guest-virtual-apic-table-root-pointer-configuration-in-irte.patch new file mode 100644 index 00000000000..17a4664f879 --- /dev/null +++ b/queue-6.2/iommu-amd-fix-guest-virtual-apic-table-root-pointer-configuration-in-irte.patch @@ -0,0 +1,50 @@ +From ccc62b827775915a9b82db42a29813d04f92df7a Mon Sep 17 00:00:00 2001 +From: Kishon Vijay Abraham I +Date: Wed, 5 Apr 2023 13:03:17 +0000 +Subject: iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE + +From: Kishon Vijay Abraham I + +commit ccc62b827775915a9b82db42a29813d04f92df7a upstream. + +commit b9c6ff94e43a ("iommu/amd: Re-factor guest virtual APIC +(de-)activation code") while refactoring guest virtual APIC +activation/de-activation code, stored information for activate/de-activate +in "struct amd_ir_data". It used 32-bit integer data type for storing the +"Guest Virtual APIC Table Root Pointer" (ga_root_ptr), though the +"ga_root_ptr" is actually a 40-bit field in IRTE (Interrupt Remapping +Table Entry). + +This causes interrupts from PCIe devices to not reach the guest in the case +of PCIe passthrough with SME (Secure Memory Encryption) enabled as _SME_ +bit in the "ga_root_ptr" is lost before writing it to the IRTE. + +Fix it by using 64-bit data type for storing the "ga_root_ptr". While at +that also change the data type of "ga_tag" to u32 in order to match +the IOMMU spec. + +Fixes: b9c6ff94e43a ("iommu/amd: Re-factor guest virtual APIC (de-)activation code") +Cc: stable@vger.kernel.org # v5.4+ +Reported-by: Alejandro Jimenez +Reviewed-by: Suravee Suthikulpanit +Signed-off-by: Kishon Vijay Abraham I +Link: https://lore.kernel.org/r/20230405130317.9351-1-kvijayab@amd.com +Signed-off-by: Joerg Roedel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iommu/amd/amd_iommu_types.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iommu/amd/amd_iommu_types.h ++++ b/drivers/iommu/amd/amd_iommu_types.h +@@ -1001,8 +1001,8 @@ struct amd_ir_data { + */ + struct irq_cfg *cfg; + int ga_vector; +- int ga_root_ptr; +- int ga_tag; ++ u64 ga_root_ptr; ++ u32 ga_tag; + }; + + struct amd_irte_ops { diff --git a/queue-6.2/ksmbd-call-rcu_barrier-in-ksmbd_server_exit.patch b/queue-6.2/ksmbd-call-rcu_barrier-in-ksmbd_server_exit.patch new file mode 100644 index 00000000000..476ee5a1f9c --- /dev/null +++ b/queue-6.2/ksmbd-call-rcu_barrier-in-ksmbd_server_exit.patch @@ -0,0 +1,34 @@ +From eb307d09fe15844fdaebeb8cc8c9b9e925430aa5 Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Wed, 3 May 2023 08:51:51 +0900 +Subject: ksmbd: call rcu_barrier() in ksmbd_server_exit() + +From: Namjae Jeon + +commit eb307d09fe15844fdaebeb8cc8c9b9e925430aa5 upstream. + +racy issue is triggered the bug by racing between closing a connection +and rmmod. In ksmbd, rcu_barrier() is not called at module unload time, +so nothing prevents ksmbd from getting unloaded while it still has RCU +callbacks pending. It leads to trigger unintended execution of kernel +code locally and use to defeat protections such as Kernel Lockdown + +Cc: stable@vger.kernel.org +Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20477 +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/ksmbd/server.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/ksmbd/server.c ++++ b/fs/ksmbd/server.c +@@ -606,6 +606,7 @@ err_unregister: + static void __exit ksmbd_server_exit(void) + { + ksmbd_server_shutdown(); ++ rcu_barrier(); + ksmbd_release_inode_hash(); + } + diff --git a/queue-6.2/ksmbd-fix-deadlock-in-ksmbd_find_crypto_ctx.patch b/queue-6.2/ksmbd-fix-deadlock-in-ksmbd_find_crypto_ctx.patch new file mode 100644 index 00000000000..c6f5722fec8 --- /dev/null +++ b/queue-6.2/ksmbd-fix-deadlock-in-ksmbd_find_crypto_ctx.patch @@ -0,0 +1,74 @@ +From 7b4323373d844954bb76e0e9f39c4e5fc785fa7b Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Wed, 3 May 2023 08:44:14 +0900 +Subject: ksmbd: fix deadlock in ksmbd_find_crypto_ctx() + +From: Namjae Jeon + +commit 7b4323373d844954bb76e0e9f39c4e5fc785fa7b upstream. + +Deadlock is triggered by sending multiple concurrent session setup +requests. It should be reused after releasing when getting ctx for crypto. +Multiple consecutive ctx uses cause deadlock while waiting for releasing +due to the limited number of ctx. + +Cc: stable@vger.kernel.org +Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20591 +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/ksmbd/auth.c | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +--- a/fs/ksmbd/auth.c ++++ b/fs/ksmbd/auth.c +@@ -221,22 +221,22 @@ int ksmbd_auth_ntlmv2(struct ksmbd_conn + { + char ntlmv2_hash[CIFS_ENCPWD_SIZE]; + char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE]; +- struct ksmbd_crypto_ctx *ctx; ++ struct ksmbd_crypto_ctx *ctx = NULL; + char *construct = NULL; + int rc, len; + +- ctx = ksmbd_crypto_ctx_find_hmacmd5(); +- if (!ctx) { +- ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n"); +- return -ENOMEM; +- } +- + rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name); + if (rc) { + ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc); + goto out; + } + ++ ctx = ksmbd_crypto_ctx_find_hmacmd5(); ++ if (!ctx) { ++ ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n"); ++ return -ENOMEM; ++ } ++ + rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx), + ntlmv2_hash, + CIFS_HMAC_MD5_HASH_SIZE); +@@ -272,6 +272,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_conn + ksmbd_debug(AUTH, "Could not generate md5 hash\n"); + goto out; + } ++ ksmbd_release_crypto_ctx(ctx); ++ ctx = NULL; + + rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp); + if (rc) { +@@ -282,7 +284,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_conn + if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0) + rc = -EINVAL; + out: +- ksmbd_release_crypto_ctx(ctx); ++ if (ctx) ++ ksmbd_release_crypto_ctx(ctx); + kfree(construct); + return rc; + } diff --git a/queue-6.2/ksmbd-fix-memleak-in-session-setup.patch b/queue-6.2/ksmbd-fix-memleak-in-session-setup.patch new file mode 100644 index 00000000000..16aaaae1dae --- /dev/null +++ b/queue-6.2/ksmbd-fix-memleak-in-session-setup.patch @@ -0,0 +1,37 @@ +From 6d7cb549c2ca20e1f07593f15e936fd54b763028 Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Wed, 3 May 2023 08:26:45 +0900 +Subject: ksmbd: fix memleak in session setup + +From: Namjae Jeon + +commit 6d7cb549c2ca20e1f07593f15e936fd54b763028 upstream. + +If client send session setup request with unknown NTLMSSP message type, +session that does not included channel can be created. It will cause +session memleak. because ksmbd_sessions_deregister() does not destroy +session if channel is not included. This patch return error response if +client send the request unknown NTLMSSP message type. + +Cc: stable@vger.kernel.org +Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20593 +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/ksmbd/smb2pdu.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/ksmbd/smb2pdu.c ++++ b/fs/ksmbd/smb2pdu.c +@@ -1801,6 +1801,10 @@ int smb2_sess_setup(struct ksmbd_work *w + } + kfree(sess->Preauth_HashValue); + sess->Preauth_HashValue = NULL; ++ } else { ++ pr_info_ratelimited("Unknown NTLMSSP message type : 0x%x\n", ++ le32_to_cpu(negblob->MessageType)); ++ rc = -EINVAL; + } + } else { + /* TODO: need one more negotiation */ diff --git a/queue-6.2/ksmbd-fix-null-pointer-dereference-in-smb2_get_info_filesystem.patch b/queue-6.2/ksmbd-fix-null-pointer-dereference-in-smb2_get_info_filesystem.patch new file mode 100644 index 00000000000..e08d54c158d --- /dev/null +++ b/queue-6.2/ksmbd-fix-null-pointer-dereference-in-smb2_get_info_filesystem.patch @@ -0,0 +1,33 @@ +From 3ac00a2ab69b34189942afa9e862d5170cdcb018 Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Wed, 3 May 2023 08:38:33 +0900 +Subject: ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() + +From: Namjae Jeon + +commit 3ac00a2ab69b34189942afa9e862d5170cdcb018 upstream. + +If share is , share->path is NULL and it cause NULL pointer +dereference issue. + +Cc: stable@vger.kernel.org +Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20479 +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/ksmbd/smb2pdu.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/ksmbd/smb2pdu.c ++++ b/fs/ksmbd/smb2pdu.c +@@ -4915,6 +4915,9 @@ static int smb2_get_info_filesystem(stru + int rc = 0, len; + int fs_infoclass_size = 0; + ++ if (!share->path) ++ return -EIO; ++ + rc = kern_path(share->path, LOOKUP_NO_SYMLINKS, &path); + if (rc) { + pr_err("cannot create vfs path\n"); diff --git a/queue-6.2/ksmbd-fix-racy-issue-under-cocurrent-smb2-tree-disconnect.patch b/queue-6.2/ksmbd-fix-racy-issue-under-cocurrent-smb2-tree-disconnect.patch new file mode 100644 index 00000000000..23c314a49ed --- /dev/null +++ b/queue-6.2/ksmbd-fix-racy-issue-under-cocurrent-smb2-tree-disconnect.patch @@ -0,0 +1,78 @@ +From 30210947a343b6b3ca13adc9bfc88e1543e16dd5 Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Wed, 3 May 2023 08:51:12 +0900 +Subject: ksmbd: fix racy issue under cocurrent smb2 tree disconnect + +From: Namjae Jeon + +commit 30210947a343b6b3ca13adc9bfc88e1543e16dd5 upstream. + +There is UAF issue under cocurrent smb2 tree disconnect. +This patch introduce TREE_CONN_EXPIRE flags for tcon to avoid cocurrent +access. + +Cc: stable@vger.kernel.org +Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20592 +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/ksmbd/mgmt/tree_connect.c | 10 +++++++++- + fs/ksmbd/mgmt/tree_connect.h | 3 +++ + fs/ksmbd/smb2pdu.c | 3 ++- + 3 files changed, 14 insertions(+), 2 deletions(-) + +--- a/fs/ksmbd/mgmt/tree_connect.c ++++ b/fs/ksmbd/mgmt/tree_connect.c +@@ -109,7 +109,15 @@ int ksmbd_tree_conn_disconnect(struct ks + struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess, + unsigned int id) + { +- return xa_load(&sess->tree_conns, id); ++ struct ksmbd_tree_connect *tcon; ++ ++ tcon = xa_load(&sess->tree_conns, id); ++ if (tcon) { ++ if (test_bit(TREE_CONN_EXPIRE, &tcon->status)) ++ tcon = NULL; ++ } ++ ++ return tcon; + } + + struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess, +--- a/fs/ksmbd/mgmt/tree_connect.h ++++ b/fs/ksmbd/mgmt/tree_connect.h +@@ -14,6 +14,8 @@ struct ksmbd_share_config; + struct ksmbd_user; + struct ksmbd_conn; + ++#define TREE_CONN_EXPIRE 1 ++ + struct ksmbd_tree_connect { + int id; + +@@ -25,6 +27,7 @@ struct ksmbd_tree_connect { + + int maximal_access; + bool posix_extensions; ++ unsigned long status; + }; + + struct ksmbd_tree_conn_status { +--- a/fs/ksmbd/smb2pdu.c ++++ b/fs/ksmbd/smb2pdu.c +@@ -2055,11 +2055,12 @@ int smb2_tree_disconnect(struct ksmbd_wo + + ksmbd_debug(SMB, "request\n"); + +- if (!tcon) { ++ if (!tcon || test_and_set_bit(TREE_CONN_EXPIRE, &tcon->status)) { + struct smb2_tree_disconnect_req *req = + smb2_get_msg(work->request_buf); + + ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId); ++ + rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED; + smb2_set_err_rsp(work); + return 0; diff --git a/queue-6.2/ksmbd-not-allow-guest-user-on-multichannel.patch b/queue-6.2/ksmbd-not-allow-guest-user-on-multichannel.patch new file mode 100644 index 00000000000..fed4df7e393 --- /dev/null +++ b/queue-6.2/ksmbd-not-allow-guest-user-on-multichannel.patch @@ -0,0 +1,61 @@ +From 3353ab2df5f68dab7da8d5ebb427a2d265a1f2b2 Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Wed, 3 May 2023 08:45:08 +0900 +Subject: ksmbd: not allow guest user on multichannel + +From: Namjae Jeon + +commit 3353ab2df5f68dab7da8d5ebb427a2d265a1f2b2 upstream. + +This patch return STATUS_NOT_SUPPORTED if binding session is guest. + +Cc: stable@vger.kernel.org +Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20480 +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/ksmbd/smb2pdu.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +--- a/fs/ksmbd/smb2pdu.c ++++ b/fs/ksmbd/smb2pdu.c +@@ -1456,7 +1456,7 @@ static int ntlm_authenticate(struct ksmb + * Reuse session if anonymous try to connect + * on reauthetication. + */ +- if (ksmbd_anonymous_user(user)) { ++ if (conn->binding == false && ksmbd_anonymous_user(user)) { + ksmbd_free_user(user); + return 0; + } +@@ -1470,7 +1470,7 @@ static int ntlm_authenticate(struct ksmb + sess->user = user; + } + +- if (user_guest(sess->user)) { ++ if (conn->binding == false && user_guest(sess->user)) { + rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE; + } else { + struct authenticate_message *authblob; +@@ -1715,6 +1715,11 @@ int smb2_sess_setup(struct ksmbd_work *w + goto out_err; + } + ++ if (user_guest(sess->user)) { ++ rc = -EOPNOTSUPP; ++ goto out_err; ++ } ++ + conn->binding = true; + } else if ((conn->dialect < SMB30_PROT_ID || + server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) && +@@ -1827,6 +1832,8 @@ out_err: + rsp->hdr.Status = STATUS_NETWORK_SESSION_EXPIRED; + else if (rc == -ENOMEM) + rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES; ++ else if (rc == -EOPNOTSUPP) ++ rsp->hdr.Status = STATUS_NOT_SUPPORTED; + else if (rc) + rsp->hdr.Status = STATUS_LOGON_FAILURE; + diff --git a/queue-6.2/kvm-risc-v-retry-fault-if-vma_lookup-results-become-invalid.patch b/queue-6.2/kvm-risc-v-retry-fault-if-vma_lookup-results-become-invalid.patch new file mode 100644 index 00000000000..cf9a631bf8b --- /dev/null +++ b/queue-6.2/kvm-risc-v-retry-fault-if-vma_lookup-results-become-invalid.patch @@ -0,0 +1,87 @@ +From 2ed90cb0938a45b12eb947af062d12c7af0067b3 Mon Sep 17 00:00:00 2001 +From: David Matlack +Date: Fri, 17 Mar 2023 14:11:06 -0700 +Subject: KVM: RISC-V: Retry fault if vma_lookup() results become invalid + +From: David Matlack + +commit 2ed90cb0938a45b12eb947af062d12c7af0067b3 upstream. + +Read mmu_invalidate_seq before dropping the mmap_lock so that KVM can +detect if the results of vma_lookup() (e.g. vma_shift) become stale +before it acquires kvm->mmu_lock. This fixes a theoretical bug where a +VMA could be changed by userspace after vma_lookup() and before KVM +reads the mmu_invalidate_seq, causing KVM to install page table entries +based on a (possibly) no-longer-valid vma_shift. + +Re-order the MMU cache top-up to earlier in user_mem_abort() so that it +is not done after KVM has read mmu_invalidate_seq (i.e. so as to avoid +inducing spurious fault retries). + +It's unlikely that any sane userspace currently modifies VMAs in such a +way as to trigger this race. And even with directed testing I was unable +to reproduce it. But a sufficiently motivated host userspace might be +able to exploit this race. + +Note KVM/ARM had the same bug and was fixed in a separate, near +identical patch (see Link). + +Link: https://lore.kernel.org/kvm/20230313235454.2964067-1-dmatlack@google.com/ +Fixes: 9955371cc014 ("RISC-V: KVM: Implement MMU notifiers") +Cc: stable@vger.kernel.org +Signed-off-by: David Matlack +Tested-by: Anup Patel +Signed-off-by: Anup Patel +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/kvm/mmu.c | 25 ++++++++++++++++--------- + 1 file changed, 16 insertions(+), 9 deletions(-) + +--- a/arch/riscv/kvm/mmu.c ++++ b/arch/riscv/kvm/mmu.c +@@ -628,6 +628,13 @@ int kvm_riscv_gstage_map(struct kvm_vcpu + !(memslot->flags & KVM_MEM_READONLY)) ? true : false; + unsigned long vma_pagesize, mmu_seq; + ++ /* We need minimum second+third level pages */ ++ ret = kvm_mmu_topup_memory_cache(pcache, gstage_pgd_levels); ++ if (ret) { ++ kvm_err("Failed to topup G-stage cache\n"); ++ return ret; ++ } ++ + mmap_read_lock(current->mm); + + vma = vma_lookup(current->mm, hva); +@@ -648,6 +655,15 @@ int kvm_riscv_gstage_map(struct kvm_vcpu + if (vma_pagesize == PMD_SIZE || vma_pagesize == PGDIR_SIZE) + gfn = (gpa & huge_page_mask(hstate_vma(vma))) >> PAGE_SHIFT; + ++ /* ++ * Read mmu_invalidate_seq so that KVM can detect if the results of ++ * vma_lookup() or gfn_to_pfn_prot() become stale priort to acquiring ++ * kvm->mmu_lock. ++ * ++ * Rely on mmap_read_unlock() for an implicit smp_rmb(), which pairs ++ * with the smp_wmb() in kvm_mmu_invalidate_end(). ++ */ ++ mmu_seq = kvm->mmu_invalidate_seq; + mmap_read_unlock(current->mm); + + if (vma_pagesize != PGDIR_SIZE && +@@ -657,15 +673,6 @@ int kvm_riscv_gstage_map(struct kvm_vcpu + return -EFAULT; + } + +- /* We need minimum second+third level pages */ +- ret = kvm_mmu_topup_memory_cache(pcache, gstage_pgd_levels); +- if (ret) { +- kvm_err("Failed to topup G-stage cache\n"); +- return ret; +- } +- +- mmu_seq = kvm->mmu_invalidate_seq; +- + hfn = gfn_to_pfn_prot(kvm, gfn, is_write, &writable); + if (hfn == KVM_PFN_ERR_HWPOISON) { + send_sig_mceerr(BUS_MCEERR_AR, (void __user *)hva, diff --git a/queue-6.2/risc-v-align-sbi-probe-implementation-with-spec.patch b/queue-6.2/risc-v-align-sbi-probe-implementation-with-spec.patch new file mode 100644 index 00000000000..826f87d20d4 --- /dev/null +++ b/queue-6.2/risc-v-align-sbi-probe-implementation-with-spec.patch @@ -0,0 +1,144 @@ +From 41cad8284d5e6bf1d49d3c10a6b52ee1ae866a20 Mon Sep 17 00:00:00 2001 +From: Andrew Jones +Date: Thu, 27 Apr 2023 18:36:26 +0200 +Subject: RISC-V: Align SBI probe implementation with spec + +From: Andrew Jones + +commit 41cad8284d5e6bf1d49d3c10a6b52ee1ae866a20 upstream. + +sbi_probe_extension() is specified with "Returns 0 if the given SBI +extension ID (EID) is not available, or 1 if it is available unless +defined as any other non-zero value by the implementation." +Additionally, sbiret.value is a long. Fix the implementation to +ensure any nonzero long value is considered a success, rather +than only positive int values. + +Fixes: b9dcd9e41587 ("RISC-V: Add basic support for SBI v0.2") +Signed-off-by: Andrew Jones +Reviewed-by: Conor Dooley +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230427163626.101042-1-ajones@ventanamicro.com +Signed-off-by: Palmer Dabbelt +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/include/asm/sbi.h | 2 +- + arch/riscv/kernel/cpu_ops.c | 2 +- + arch/riscv/kernel/sbi.c | 17 ++++++++--------- + arch/riscv/kvm/main.c | 2 +- + drivers/cpuidle/cpuidle-riscv-sbi.c | 2 +- + drivers/perf/riscv_pmu_sbi.c | 2 +- + 6 files changed, 13 insertions(+), 14 deletions(-) + +--- a/arch/riscv/include/asm/sbi.h ++++ b/arch/riscv/include/asm/sbi.h +@@ -293,7 +293,7 @@ int sbi_remote_hfence_vvma_asid(const st + unsigned long start, + unsigned long size, + unsigned long asid); +-int sbi_probe_extension(int ext); ++long sbi_probe_extension(int ext); + + /* Check if current SBI specification version is 0.1 or not */ + static inline int sbi_spec_is_0_1(void) +--- a/arch/riscv/kernel/cpu_ops.c ++++ b/arch/riscv/kernel/cpu_ops.c +@@ -27,7 +27,7 @@ const struct cpu_operations cpu_ops_spin + void __init cpu_set_ops(int cpuid) + { + #if IS_ENABLED(CONFIG_RISCV_SBI) +- if (sbi_probe_extension(SBI_EXT_HSM) > 0) { ++ if (sbi_probe_extension(SBI_EXT_HSM)) { + if (!cpuid) + pr_info("SBI HSM extension detected\n"); + cpu_ops[cpuid] = &cpu_ops_sbi; +--- a/arch/riscv/kernel/sbi.c ++++ b/arch/riscv/kernel/sbi.c +@@ -581,19 +581,18 @@ static void sbi_srst_power_off(void) + * sbi_probe_extension() - Check if an SBI extension ID is supported or not. + * @extid: The extension ID to be probed. + * +- * Return: Extension specific nonzero value f yes, -ENOTSUPP otherwise. ++ * Return: 1 or an extension specific nonzero value if yes, 0 otherwise. + */ +-int sbi_probe_extension(int extid) ++long sbi_probe_extension(int extid) + { + struct sbiret ret; + + ret = sbi_ecall(SBI_EXT_BASE, SBI_EXT_BASE_PROBE_EXT, extid, + 0, 0, 0, 0, 0); + if (!ret.error) +- if (ret.value) +- return ret.value; ++ return ret.value; + +- return -ENOTSUPP; ++ return 0; + } + EXPORT_SYMBOL(sbi_probe_extension); + +@@ -665,26 +664,26 @@ void __init sbi_init(void) + if (!sbi_spec_is_0_1()) { + pr_info("SBI implementation ID=0x%lx Version=0x%lx\n", + sbi_get_firmware_id(), sbi_get_firmware_version()); +- if (sbi_probe_extension(SBI_EXT_TIME) > 0) { ++ if (sbi_probe_extension(SBI_EXT_TIME)) { + __sbi_set_timer = __sbi_set_timer_v02; + pr_info("SBI TIME extension detected\n"); + } else { + __sbi_set_timer = __sbi_set_timer_v01; + } +- if (sbi_probe_extension(SBI_EXT_IPI) > 0) { ++ if (sbi_probe_extension(SBI_EXT_IPI)) { + __sbi_send_ipi = __sbi_send_ipi_v02; + pr_info("SBI IPI extension detected\n"); + } else { + __sbi_send_ipi = __sbi_send_ipi_v01; + } +- if (sbi_probe_extension(SBI_EXT_RFENCE) > 0) { ++ if (sbi_probe_extension(SBI_EXT_RFENCE)) { + __sbi_rfence = __sbi_rfence_v02; + pr_info("SBI RFENCE extension detected\n"); + } else { + __sbi_rfence = __sbi_rfence_v01; + } + if ((sbi_spec_version >= sbi_mk_version(0, 3)) && +- (sbi_probe_extension(SBI_EXT_SRST) > 0)) { ++ sbi_probe_extension(SBI_EXT_SRST)) { + pr_info("SBI SRST extension detected\n"); + pm_power_off = sbi_srst_power_off; + sbi_srst_reboot_nb.notifier_call = sbi_srst_reboot; +--- a/arch/riscv/kvm/main.c ++++ b/arch/riscv/kvm/main.c +@@ -84,7 +84,7 @@ int kvm_arch_init(void *opaque) + return -ENODEV; + } + +- if (sbi_probe_extension(SBI_EXT_RFENCE) <= 0) { ++ if (!sbi_probe_extension(SBI_EXT_RFENCE)) { + kvm_info("require SBI RFENCE extension\n"); + return -ENODEV; + } +--- a/drivers/cpuidle/cpuidle-riscv-sbi.c ++++ b/drivers/cpuidle/cpuidle-riscv-sbi.c +@@ -612,7 +612,7 @@ static int __init sbi_cpuidle_init(void) + * 2) SBI HSM extension is available + */ + if ((sbi_spec_version < sbi_mk_version(0, 3)) || +- sbi_probe_extension(SBI_EXT_HSM) <= 0) { ++ !sbi_probe_extension(SBI_EXT_HSM)) { + pr_info("HSM suspend not available\n"); + return 0; + } +--- a/drivers/perf/riscv_pmu_sbi.c ++++ b/drivers/perf/riscv_pmu_sbi.c +@@ -883,7 +883,7 @@ static int __init pmu_sbi_devinit(void) + struct platform_device *pdev; + + if (sbi_spec_version < sbi_mk_version(0, 3) || +- sbi_probe_extension(SBI_EXT_PMU) <= 0) { ++ !sbi_probe_extension(SBI_EXT_PMU)) { + return 0; + } + diff --git a/queue-6.2/riscv-mm-remove-redundant-parameter-of-create_fdt_early_page_table.patch b/queue-6.2/riscv-mm-remove-redundant-parameter-of-create_fdt_early_page_table.patch new file mode 100644 index 00000000000..4140453dac9 --- /dev/null +++ b/queue-6.2/riscv-mm-remove-redundant-parameter-of-create_fdt_early_page_table.patch @@ -0,0 +1,47 @@ +From e4ef93edd4e0b022529303db1915766ff9de450e Mon Sep 17 00:00:00 2001 +From: Song Shuai +Date: Wed, 26 Apr 2023 18:00:09 +0800 +Subject: riscv: mm: remove redundant parameter of create_fdt_early_page_table + +From: Song Shuai + +commit e4ef93edd4e0b022529303db1915766ff9de450e upstream. + +create_fdt_early_page_table() explicitly uses early_pg_dir for +32-bit fdt mapping and the pgdir parameter is redundant here. +So remove it and its caller. + +Reviewed-by: Alexandre Ghiti +Signed-off-by: Song Shuai +Reviewed-by: Conor Dooley +Fixes: ef69d2559fe9 ("riscv: Move early dtb mapping into the fixmap region") +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230426100009.685435-1-suagrfillet@gmail.com +Signed-off-by: Palmer Dabbelt +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/mm/init.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +--- a/arch/riscv/mm/init.c ++++ b/arch/riscv/mm/init.c +@@ -843,8 +843,7 @@ static void __init create_kernel_page_ta + * this means 2 PMD entries whereas for 32-bit kernel, this is only 1 PGDIR + * entry. + */ +-static void __init create_fdt_early_page_table(pgd_t *pgdir, +- uintptr_t fix_fdt_va, ++static void __init create_fdt_early_page_table(uintptr_t fix_fdt_va, + uintptr_t dtb_pa) + { + uintptr_t pa = dtb_pa & ~(PMD_SIZE - 1); +@@ -1034,8 +1033,7 @@ asmlinkage void __init setup_vm(uintptr_ + create_kernel_page_table(early_pg_dir, true); + + /* Setup early mapping for FDT early scan */ +- create_fdt_early_page_table(early_pg_dir, +- __fix_to_virt(FIX_FDT), dtb_pa); ++ create_fdt_early_page_table(__fix_to_virt(FIX_FDT), dtb_pa); + + /* + * Bootime fixmap only can handle PMD_SIZE mapping. Thus, boot-ioremap diff --git a/queue-6.2/series b/queue-6.2/series index 7a60ec89fa5..fd7335fd999 100644 --- a/queue-6.2/series +++ b/queue-6.2/series @@ -86,3 +86,18 @@ drm-amd-display-remove-stutter-only-configurations.patch drm-amd-display-limit-timing-for-single-dimm-memory.patch drm-amd-display-fix-psr-su-dsc-interoperability-supp.patch drm-amd-display-fix-a-divided-by-zero-error.patch +kvm-risc-v-retry-fault-if-vma_lookup-results-become-invalid.patch +ksmbd-fix-racy-issue-under-cocurrent-smb2-tree-disconnect.patch +ksmbd-call-rcu_barrier-in-ksmbd_server_exit.patch +ksmbd-fix-null-pointer-dereference-in-smb2_get_info_filesystem.patch +ksmbd-fix-memleak-in-session-setup.patch +ksmbd-not-allow-guest-user-on-multichannel.patch +ksmbd-fix-deadlock-in-ksmbd_find_crypto_ctx.patch +acpi-video-remove-acpi_backlight-video-quirk-for-lenovo-thinkpad-w530.patch +igc-read-before-write-to-srrctl-register.patch +i2c-omap-fix-standard-mode-false-ack-readings.patch +riscv-mm-remove-redundant-parameter-of-create_fdt_early_page_table.patch +tracing-fix-permissions-for-the-buffer_percent-file.patch +drm-amd-pm-re-enable-the-gfx-imu-when-smu-resume.patch +iommu-amd-fix-guest-virtual-apic-table-root-pointer-configuration-in-irte.patch +risc-v-align-sbi-probe-implementation-with-spec.patch diff --git a/queue-6.2/tracing-fix-permissions-for-the-buffer_percent-file.patch b/queue-6.2/tracing-fix-permissions-for-the-buffer_percent-file.patch new file mode 100644 index 00000000000..c5d25ed3d1d --- /dev/null +++ b/queue-6.2/tracing-fix-permissions-for-the-buffer_percent-file.patch @@ -0,0 +1,37 @@ +From 4f94559f40ad06d627c0fdfc3319cec778a2845b Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Wed, 3 May 2023 16:01:14 +0200 +Subject: tracing: Fix permissions for the buffer_percent file + +From: Ondrej Mosnacek + +commit 4f94559f40ad06d627c0fdfc3319cec778a2845b upstream. + +This file defines both read and write operations, yet it is being +created as read-only. This means that it can't be written to without the +CAP_DAC_OVERRIDE capability. Fix the permissions to allow root to write +to it without the need to override DAC perms. + +Link: https://lore.kernel.org/linux-trace-kernel/20230503140114.3280002-1-omosnace@redhat.com + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Fixes: 03329f993978 ("tracing: Add tracefs file buffer_percentage") +Signed-off-by: Ondrej Mosnacek +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -9621,7 +9621,7 @@ init_tracer_tracefs(struct trace_array * + + tr->buffer_percent = 50; + +- trace_create_file("buffer_percent", TRACE_MODE_READ, d_tracer, ++ trace_create_file("buffer_percent", TRACE_MODE_WRITE, d_tracer, + tr, &buffer_percent_fops); + + create_trace_options_dir(tr);