From: Greg Kroah-Hartman Date: Thu, 29 Aug 2024 16:26:07 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v4.19.321~82 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e68cdef4f5cf0fc58d43f7dd228861d172dce7db;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch kvm-arm64-don-t-use-cbz-adr-with-external-symbols.patch pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch --- diff --git a/queue-5.10/drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch b/queue-5.10/drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch new file mode 100644 index 00000000000..a4010807894 --- /dev/null +++ b/queue-5.10/drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch @@ -0,0 +1,39 @@ +From 88a9a467c548d0b3c7761b4fd54a68e70f9c0944 Mon Sep 17 00:00:00 2001 +From: Jesse Zhang +Date: Wed, 24 Apr 2024 17:10:46 +0800 +Subject: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jesse Zhang + +commit 88a9a467c548d0b3c7761b4fd54a68e70f9c0944 upstream. + +Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. +V2: To really improve the handling we would actually + need to have a separate value of 0xffffffff.(Christian) + +Signed-off-by: Jesse Zhang +Suggested-by: Christian König +Reviewed-by: Christian König +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +Signed-off-by: Vamsi Krishna Brahmajosyula +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c +@@ -725,7 +725,8 @@ int amdgpu_vce_ring_parse_cs(struct amdg + uint32_t created = 0; + uint32_t allocated = 0; + uint32_t tmp, handle = 0; +- uint32_t *size = &tmp; ++ uint32_t dummy = 0xffffffff; ++ uint32_t *size = &dummy; + unsigned idx; + int i, r = 0; + diff --git a/queue-5.10/kvm-arm64-don-t-use-cbz-adr-with-external-symbols.patch b/queue-5.10/kvm-arm64-don-t-use-cbz-adr-with-external-symbols.patch new file mode 100644 index 00000000000..38cec99fed7 --- /dev/null +++ b/queue-5.10/kvm-arm64-don-t-use-cbz-adr-with-external-symbols.patch @@ -0,0 +1,64 @@ +From dbaee836d60a8e1b03e7d53a37893235662ba124 Mon Sep 17 00:00:00 2001 +From: Sami Tolvanen +Date: Fri, 5 Mar 2021 12:21:24 -0800 +Subject: KVM: arm64: Don't use cbz/adr with external symbols + +From: Sami Tolvanen + +commit dbaee836d60a8e1b03e7d53a37893235662ba124 upstream. + +allmodconfig + CONFIG_LTO_CLANG_THIN=y fails to build due to following +linker errors: + + ld.lld: error: irqbypass.c:(function __guest_enter: .text+0x21CC): + relocation R_AARCH64_CONDBR19 out of range: 2031220 is not in + [-1048576, 1048575]; references hyp_panic + >>> defined in vmlinux.o + + ld.lld: error: irqbypass.c:(function __guest_enter: .text+0x21E0): + relocation R_AARCH64_ADR_PREL_LO21 out of range: 2031200 is not in + [-1048576, 1048575]; references hyp_panic + >>> defined in vmlinux.o + +This is because with LTO, the compiler ends up placing hyp_panic() +more than 1MB away from __guest_enter(). Use an unconditional branch +and adr_l instead to fix the issue. + +Link: https://github.com/ClangBuiltLinux/linux/issues/1317 +Reported-by: Nathan Chancellor +Suggested-by: Marc Zyngier +Suggested-by: Ard Biesheuvel +Signed-off-by: Sami Tolvanen +Reviewed-by: Kees Cook +Acked-by: Will Deacon +Tested-by: Nathan Chancellor +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20210305202124.3768527-1-samitolvanen@google.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/kvm/hyp/entry.S | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/arch/arm64/kvm/hyp/entry.S ++++ b/arch/arm64/kvm/hyp/entry.S +@@ -85,8 +85,10 @@ SYM_INNER_LABEL(__guest_exit_panic, SYM_ + + // If the hyp context is loaded, go straight to hyp_panic + get_loaded_vcpu x0, x1 +- cbz x0, hyp_panic ++ cbnz x0, 1f ++ b hyp_panic + ++1: + // The hyp context is saved so make sure it is restored to allow + // hyp_panic to run at hyp and, subsequently, panic to run in the host. + // This makes use of __guest_exit to avoid duplication but sets the +@@ -94,7 +96,7 @@ SYM_INNER_LABEL(__guest_exit_panic, SYM_ + // current state is saved to the guest context but it will only be + // accurate if the guest had been completely restored. + adr_this_cpu x0, kvm_hyp_ctxt, x1 +- adr x1, hyp_panic ++ adr_l x1, hyp_panic + str x1, [x0, #CPU_XREG_OFFSET(30)] + + get_vcpu_ptr x1, x0 diff --git a/queue-5.10/pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch b/queue-5.10/pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch new file mode 100644 index 00000000000..a2c0075bae8 --- /dev/null +++ b/queue-5.10/pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch @@ -0,0 +1,52 @@ +From 128f71fe014fc91efa1407ce549f94a9a9f1072c Mon Sep 17 00:00:00 2001 +From: Huang-Huang Bao +Date: Tue, 9 Jul 2024 18:54:28 +0800 +Subject: pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins + +From: Huang-Huang Bao + +commit 128f71fe014fc91efa1407ce549f94a9a9f1072c upstream. + +The base iomux offsets for each GPIO pin line are accumulatively +calculated based off iomux width flag in rockchip_pinctrl_get_soc_data. +If the iomux width flag is one of IOMUX_WIDTH_4BIT, IOMUX_WIDTH_3BIT or +IOMUX_WIDTH_2BIT, the base offset for next pin line would increase by 8 +bytes, otherwise it would increase by 4 bytes. + +Despite most of GPIO2-B iomux have 2-bit data width, which can be fit +into 4 bytes space with write mask, it actually take 8 bytes width for +whole GPIO2-B line. + +Commit e8448a6c817c ("pinctrl: rockchip: fix pinmux bits for RK3328 +GPIO2-B pins") wrongly set iomux width flag to 0, causing all base +iomux offset for line after GPIO2-B to be calculated wrong. Fix the +iomux width flag to IOMUX_WIDTH_2BIT so the offset after GPIO2-B is +correctly increased by 8, matching the actual width of GPIO2-B iomux. + +Fixes: e8448a6c817c ("pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins") +Cc: stable@vger.kernel.org +Reported-by: Richard Kojedzinszky +Closes: https://lore.kernel.org/linux-rockchip/4f29b743202397d60edfb3c725537415@kojedz.in/ +Tested-by: Richard Kojedzinszky +Signed-off-by: Huang-Huang Bao +Reviewed-by: Heiko Stuebner +Tested-by: Daniel Golle +Tested-by: Trevor Woerner +Link: https://lore.kernel.org/20240709105428.1176375-1-i@eh5.me +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/pinctrl-rockchip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/pinctrl/pinctrl-rockchip.c ++++ b/drivers/pinctrl/pinctrl-rockchip.c +@@ -3695,7 +3695,7 @@ static struct rockchip_pin_bank rk3328_p + PIN_BANK_IOMUX_FLAGS(0, 32, "gpio0", 0, 0, 0, 0), + PIN_BANK_IOMUX_FLAGS(1, 32, "gpio1", 0, 0, 0, 0), + PIN_BANK_IOMUX_FLAGS(2, 32, "gpio2", 0, +- 0, ++ IOMUX_WIDTH_2BIT, + IOMUX_WIDTH_3BIT, + 0), + PIN_BANK_IOMUX_FLAGS(3, 32, "gpio3", diff --git a/queue-5.10/pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch b/queue-5.10/pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch new file mode 100644 index 00000000000..b98c753edf1 --- /dev/null +++ b/queue-5.10/pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch @@ -0,0 +1,36 @@ +From 1c38a62f15e595346a1106025722869e87ffe044 Mon Sep 17 00:00:00 2001 +From: Ma Ke +Date: Thu, 8 Aug 2024 12:13:55 +0800 +Subject: pinctrl: single: fix potential NULL dereference in pcs_get_function() + +From: Ma Ke + +commit 1c38a62f15e595346a1106025722869e87ffe044 upstream. + +pinmux_generic_get_function() can return NULL and the pointer 'function' +was dereferenced without checking against NULL. Add checking of pointer +'function' in pcs_get_function(). + +Found by code review. + +Cc: stable@vger.kernel.org +Fixes: 571aec4df5b7 ("pinctrl: single: Use generic pinmux helpers for managing functions") +Signed-off-by: Ma Ke +Link: https://lore.kernel.org/20240808041355.2766009-1-make24@iscas.ac.cn +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/pinctrl-single.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/pinctrl/pinctrl-single.c ++++ b/drivers/pinctrl/pinctrl-single.c +@@ -350,6 +350,8 @@ static int pcs_get_function(struct pinct + return -ENOTSUPP; + fselector = setting->func; + function = pinmux_generic_get_function(pctldev, fselector); ++ if (!function) ++ return -EINVAL; + *func = function->data; + if (!(*func)) { + dev_err(pcs->dev, "%s could not find function%i\n", diff --git a/queue-5.10/series b/queue-5.10/series index e66b1da3bec..6a1fc6fc869 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -120,3 +120,7 @@ nfsd-don-t-call-freezable_schedule_timeout-after-each-successful-page-allocation bluetooth-hci_ldisc-check-hci_uart_proto_ready-flag-in-hciuartgetproto.patch input-mt-limit-max-slots.patch tools-move-alignment-related-macros-to-new-linux-align.h.patch +drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch +kvm-arm64-don-t-use-cbz-adr-with-external-symbols.patch +pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch +pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch