From: Greg Kroah-Hartman
Date: Fri, 20 Oct 2023 16:56:10 +0000 (+0200)
Subject: 5.10-stable patches
X-Git-Tag: v4.14.328~96
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8e50443bfeb717a46da492c55c2dbfa1226d02cd;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
ice-reset-first-in-crash-dump-kernels.patch
kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
regmap-fix-null-deref-on-lookup.patch
---
diff --git a/queue-5.10/ice-reset-first-in-crash-dump-kernels.patch b/queue-5.10/ice-reset-first-in-crash-dump-kernels.patch
new file mode 100644
index 00000000000..ef0ad86379e
--- /dev/null
+++ b/queue-5.10/ice-reset-first-in-crash-dump-kernels.patch
@@ -0,0 +1,71 @@
+From 0288c3e709e5fabd51e84715c5c798a02f43061a Mon Sep 17 00:00:00 2001
+From: Jesse Brandeburg
+Date: Wed, 11 Oct 2023 16:33:33 -0700
+Subject: ice: reset first in crash dump kernels
+
+From: Jesse Brandeburg
+
+commit 0288c3e709e5fabd51e84715c5c798a02f43061a upstream.
+
+When the system boots into the crash dump kernel after a panic, the ice
+networking device may still have pending transactions that can cause errors
+or machine checks when the device is re-enabled. This can prevent the crash
+dump kernel from loading the driver or collecting the crash data.
+
+To avoid this issue, perform a function level reset (FLR) on the ice device
+via PCIe config space before enabling it on the crash kernel. This will
+clear any outstanding transactions and stop all queues and interrupts.
+Restore the config space after the FLR, otherwise it was found in testing
+that the driver wouldn't load successfully.
+
+The following sequence causes the original issue:
+- Load the ice driver with modprobe ice
+- Enable SR-IOV with 2 VFs: echo 2 > /sys/class/net/eth0/device/sriov_num_vfs
+- Trigger a crash with echo c > /proc/sysrq-trigger
+- Load the ice driver again (or let it load automatically) with modprobe ice
+- The system crashes again during pcim_enable_device()
+
+Fixes: 837f08fdecbe ("ice: Add basic driver framework for Intel(R) E800 Series")
+Reported-by: Vishal Agrawal
+Reviewed-by: Jay Vosburgh
+Reviewed-by: Przemek Kitszel
+Signed-off-by: Jesse Brandeburg
+Tested-by: Pucha Himasekhar Reddy (A Contingent worker at Intel)
+Link: https://lore.kernel.org/r/20231011233334.336092-3-jacob.e.keller@intel.com
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/ethernet/intel/ice/ice_main.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+--- a/drivers/net/ethernet/intel/ice/ice_main.c
++++ b/drivers/net/ethernet/intel/ice/ice_main.c
+@@ -6,6 +6,7 @@
+ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+ #include
++#include
+ #include "ice.h"
+ #include "ice_base.h"
+ #include "ice_lib.h"
+@@ -4025,6 +4026,20 @@ ice_probe(struct pci_dev *pdev, const st
+ return -EINVAL;
+ }
+
++ /* when under a kdump kernel initiate a reset before enabling the
++ * device in order to clear out any pending DMA transactions. These
++ * transactions can cause some systems to machine check when doing
++ * the pcim_enable_device() below.
++ */
++ if (is_kdump_kernel()) {
++ pci_save_state(pdev);
++ pci_clear_master(pdev);
++ err = pcie_flr(pdev);
++ if (err)
++ return err;
++ pci_restore_state(pdev);
++ }
++
+ /* this driver uses devres, see
+ * Documentation/driver-api/driver-model/devres.rst
+ */
diff --git a/queue-5.10/kvm-x86-mask-lvtpc-when-handling-a-pmi.patch b/queue-5.10/kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
new file mode 100644
index 00000000000..62438657290
--- /dev/null
+++ b/queue-5.10/kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
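Review bot: In ice-reset-first-in-crash-dump-kernels.patch, the `if (err) return err;` after `pcie_flr(pdev)` leaves ice_probe() without any log line, so in a kdump kernel a failed function level reset shows up only as a missing network device at the moment crash data has to be collected. A message before the return would make that diagnosable, for example `dev_err(&pdev->dev, "FLR failed in kdump kernel: %d\n", err);`. The same path also returns with bus mastering cleared and the state from `pci_save_state()` never restored; that is probably harmless because the device stays unbound, but a short comment saying so would help the next reader. ice_probe() starts and continues outside the hunk, and the patch is queued as a backport of the upstream commit, so a change of this kind would belong upstream first.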
@@ -0,0 +1,53 @@
+From a16eb25b09c02a54c1c1b449d4b6cfa2cf3f013a Mon Sep 17 00:00:00 2001
+From: Jim Mattson
+Date: Mon, 25 Sep 2023 17:34:47 +0000
+Subject: KVM: x86: Mask LVTPC when handling a PMI
+
+From: Jim Mattson
+
+commit a16eb25b09c02a54c1c1b449d4b6cfa2cf3f013a upstream.
+
+Per the SDM, "When the local APIC handles a performance-monitoring
+counters interrupt, it automatically sets the mask flag in the LVT
+performance counter register." Add this behavior to KVM's local APIC
+emulation.
+
+Failure to mask the LVTPC entry results in spurious PMIs, e.g. when
+running Linux as a guest, PMI handlers that do a "late_ack" spew a large
+number of "dazed and confused" spurious NMI warnings.
+
+Fixes: f5132b01386b ("KVM: Expose a version 2 architectural PMU to a guests")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jim Mattson
+Tested-by: Mingwei Zhang
+Signed-off-by: Mingwei Zhang
+Link: https://lore.kernel.org/r/20230925173448.3518223-3-mizhang@google.com
+[sean: massage changelog, correct Fixes]
+Signed-off-by: Sean Christopherson
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/lapic.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -2397,13 +2397,17 @@ int kvm_apic_local_deliver(struct kvm_la
+ {
+ u32 reg = kvm_lapic_get_reg(apic, lvt_type);
+ int vector, mode, trig_mode;
++ int r;
+
+ if (kvm_apic_hw_enabled(apic) && !(reg & APIC_LVT_MASKED)) {
+ vector = reg & APIC_VECTOR_MASK;
+ mode = reg & APIC_MODE_MASK;
+ trig_mode = reg & APIC_LVT_LEVEL_TRIGGER;
+- return __apic_accept_irq(apic, mode, vector, 1, trig_mode,
+- NULL);
++
++ r = __apic_accept_irq(apic, mode, vector, 1, trig_mode, NULL);
++ if (r && lvt_type == APIC_LVTPC)
++ kvm_lapic_set_reg(apic, APIC_LVTPC, reg | APIC_LVT_MASKED);
++ return r;
+ }
+ return 0;
+ }
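Review bot: The new masking step in kvm_apic_local_deliver() carries no comment, so the reason LVTPC is special-cased after `__apic_accept_irq()` lives only in the changelog. A comment above the `if (r && lvt_type == APIC_LVTPC)` line, such as `/* Per the SDM, the local APIC sets the mask flag in LVTPC when it handles a PMI. */`, would keep that next to the code. It is also worth stating there that the mask is set only when the interrupt was accepted (`r` non-zero) and that the guest is then expected to unmask the entry itself; that expectation is inferred from the changelog rather than visible in the hunk.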
diff --git a/queue-5.10/nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch b/queue-5.10/nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
new file mode 100644
index 00000000000..3be9c776076
--- /dev/null
+++ b/queue-5.10/nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
@@ -0,0 +1,38 @@
+From 7937609cd387246aed994e81aa4fa951358fba41 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski
+Date: Fri, 13 Oct 2023 20:41:29 +0200
+Subject: nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Krzysztof Kozlowski
+
+commit 7937609cd387246aed994e81aa4fa951358fba41 upstream.
+
+Handle memory allocation failure from nci_skb_alloc() (calling
+alloc_skb()) to avoid possible NULL pointer dereference.
+
+Reported-by: 黄思聪
+Fixes: 391d8a2da787 ("NFC: Add NCI over SPI receive")
+Cc:
+Signed-off-by: Krzysztof Kozlowski
+Reviewed-by: Simon Horman
+Link: https://lore.kernel.org/r/20231013184129.18738-1-krzysztof.kozlowski@linaro.org
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/nfc/nci/spi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/nfc/nci/spi.c
++++ b/net/nfc/nci/spi.c
+@@ -151,6 +151,8 @@ static int send_acknowledge(struct nci_s
+ int ret;
+
+ skb = nci_skb_alloc(nspi->ndev, 0, GFP_KERNEL);
++ if (!skb)
++ return -ENOMEM;
+
+ /* add the NCI SPI header to the start of the buffer */
+ hdr = skb_push(skb, NCI_SPI_HDR_LEN);
diff --git a/queue-5.10/regmap-fix-null-deref-on-lookup.patch b/queue-5.10/regmap-fix-null-deref-on-lookup.patch
new file mode 100644
index 00000000000..93f65723fd5
--- /dev/null
+++ b/queue-5.10/regmap-fix-null-deref-on-lookup.patch
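Review bot: In the nfc patch, the added `if (!skb) return -ENOMEM;` in send_acknowledge() only helps if callers look at the return value, and no caller is visible in this hunk; if they ignore it, an allocation failure now silently drops the acknowledgement instead of dereferencing NULL in `skb_push()`. That is still the right fix for the crash, but it is worth confirming in the callers whether a missed acknowledgement needs to be reported or retried. The body of send_acknowledge() continues past the end of the hunk.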
@@ -0,0 +1,35 @@
+From c6df843348d6b71ea986266c12831cb60c2cf325 Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Fri, 6 Oct 2023 10:21:04 +0200
+Subject: regmap: fix NULL deref on lookup
+
+From: Johan Hovold
+
+commit c6df843348d6b71ea986266c12831cb60c2cf325 upstream.
+
+Not all regmaps have a name so make sure to check for that to avoid
+dereferencing a NULL pointer when dev_get_regmap() is used to lookup a
+named regmap.
+
+Fixes: e84861fec32d ("regmap: dev_get_regmap_match(): fix string comparison")
+Cc: stable@vger.kernel.org # 5.8
+Cc: Marc Kleine-Budde
+Signed-off-by: Johan Hovold
+Link: https://lore.kernel.org/r/20231006082104.16707-1-johan+linaro@kernel.org
+Signed-off-by: Mark Brown
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/base/regmap/regmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/base/regmap/regmap.c
++++ b/drivers/base/regmap/regmap.c
+@@ -1511,7 +1511,7 @@ static int dev_get_regmap_match(struct d
+
+ /* If the user didn't specify a name match any */
+ if (data)
+- return !strcmp((*r)->name, data);
++ return (*r)->name && !strcmp((*r)->name, data);
+ else
+ return 1;
+ }
diff --git a/queue-5.10/series b/queue-5.10/series
index 28eac9f5677..0913939edfd 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -95,3 +95,7 @@ bluetooth-vhci-fix-race-when-opening-vhci-device.patch
 bluetooth-hci_event-fix-coding-style.patch
 bluetooth-avoid-memcmp-out-of-bounds-warning.patch
 ice-fix-over-shifted-variable.patch
+ice-reset-first-in-crash-dump-kernels.patch
+nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
+regmap-fix-null-deref-on-lookup.patch
+kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
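Review bot: In regmap-fix-null-deref-on-lookup.patch, the comment above the check in dev_get_regmap_match() still describes only the `data == NULL` case, while the new `(*r)->name &&` guard adds a second rule: a named lookup never matches a regmap that has no name. Extending the comment, for example `/* If the user didn't specify a name match any; an unnamed regmap never matches a named lookup */`, would record that. The function begins outside the hunk, so whether `r` and `*r` are validated before this line cannot be checked from here.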