From: Greg Kroah-Hartman Date: Tue, 1 Oct 2024 08:20:34 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v6.6.54~117 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fadbc28b8d95d24f502df7928c4fdc15202bab83;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: input-goodix-use-the-new-soc_intel_is_byt-helper.patch powercap-rapl-fix-invalid-initialization-for-pl4_supported-field.patch selinux-smack-don-t-bypass-permissions-check-in-inode_setsecctx-hook.patch vfio-pci-fix-potential-memory-leak-in-vfio_intx_enable.patch x86-mm-switch-to-new-intel-cpu-model-defines.patch
---
diff --git a/queue-5.15/input-goodix-use-the-new-soc_intel_is_byt-helper.patch b/queue-5.15/input-goodix-use-the-new-soc_intel_is_byt-helper.patch
new file mode 100644
index 00000000000..0b4b7306cdf
--- /dev/null
+++ b/queue-5.15/input-goodix-use-the-new-soc_intel_is_byt-helper.patch
@@ -0,0 +1,61 @@
+From d176708ffc20332d1c730098d2b111e0b77ece82 Mon Sep 17 00:00:00 2001
+From: Hans de Goede
+Date: Mon, 28 Feb 2022 22:52:31 -0800
+Subject: Input: goodix - use the new soc_intel_is_byt() helper
+
+From: Hans de Goede
+
+commit d176708ffc20332d1c730098d2b111e0b77ece82 upstream.
+
+Use the new soc_intel_is_byt() helper from linux/platform_data/x86/soc.h.
+
+Signed-off-by: Hans de Goede
+Link: https://lore.kernel.org/r/20220131143539.109142-5-hdegoede@redhat.com
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Ricardo Neri
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/input/touchscreen/goodix.c | 18 ++----------------
+ 1 file changed, 2 insertions(+), 16 deletions(-)
+
+--- a/drivers/input/touchscreen/goodix.c
++++ b/drivers/input/touchscreen/goodix.c
+@@ -18,6 +18,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -684,21 +685,6 @@ static int goodix_reset(struct goodix_ts
+ }
+
+ #ifdef ACPI_GPIO_SUPPORT
+-#include
+-#include
+-
+-static const struct x86_cpu_id baytrail_cpu_ids[] = {
+- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT, X86_FEATURE_ANY, },
+- {}
+-};
+-
+-static inline bool is_byt(void)
+-{
+- const struct x86_cpu_id *id = x86_match_cpu(baytrail_cpu_ids);
+-
+- return !!id;
+-}
+-
+ static const struct acpi_gpio_params first_gpio = { 0, 0, false };
+ static const struct acpi_gpio_params second_gpio = { 1, 0, false };
+
+@@ -782,7 +768,7 @@ static int goodix_add_acpi_gpio_mappings
+ dev_info(dev, "Using ACPI INTI and INTO methods for IRQ pin access\n");
+ ts->irq_pin_access_method = IRQ_PIN_ACCESS_ACPI_METHOD;
+ gpio_mapping = acpi_goodix_reset_only_gpios;
+- } else if (is_byt() && ts->gpio_count == 2 && ts->gpio_int_idx == -1) {
++ } else if (soc_intel_is_byt() && ts->gpio_count == 2 && ts->gpio_int_idx == -1) {
+ dev_info(dev, "No ACPI GpioInt resource, assuming that the GPIO order is reset, int\n");
+ ts->irq_pin_access_method = IRQ_PIN_ACCESS_ACPI_GPIO;
+ gpio_mapping = acpi_goodix_int_last_gpios;
diff --git a/queue-5.15/powercap-rapl-fix-invalid-initialization-for-pl4_supported-field.patch b/queue-5.15/powercap-rapl-fix-invalid-initialization-for-pl4_supported-field.patch
new file mode 100644
index 00000000000..798579ca61a
--- /dev/null
+++ b/queue-5.15/powercap-rapl-fix-invalid-initialization-for-pl4_supported-field.patch
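Review bot: The goodix backport (the hunk ending just above the powercap file header) now calls `soc_intel_is_byt()`, but none of the five patches added to the series in this update introduces linux/platform_data/x86/soc.h, the header the description names as the helper's source. If 5.15.y does not already carry that header, goodix.c will not build, so this is worth confirming and recording in the patch, e.g. `[ backport: requires <commit introducing soc.h> ]`. The added `#include` also sits above the `#ifdef ACPI_GPIO_SUPPORT` block, whereas the removed CPU-matching includes were inside it, so the header has to be safe to include on builds without ACPI GPIO support (presumably it stubs the helper out there; confirm).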
@@ -0,0 +1,52 @@
+From d05b5e0baf424c8c4b4709ac11f66ab726c8deaf Mon Sep 17 00:00:00 2001
+From: Sumeet Pawnikar
+Date: Thu, 8 Jun 2023 08:00:06 +0530
+Subject: powercap: RAPL: fix invalid initialization for pl4_supported field
+
+From: Sumeet Pawnikar
+
+commit d05b5e0baf424c8c4b4709ac11f66ab726c8deaf upstream.
+
+The current initialization of the struct x86_cpu_id via
+pl4_support_ids[] is partial and wrong. It is initializing
+"stepping" field with "X86_FEATURE_ANY" instead of "feature" field.
+
+Use X86_MATCH_INTEL_FAM6_MODEL macro instead of initializing
+each field of the struct x86_cpu_id for pl4_supported list of CPUs.
+This X86_MATCH_INTEL_FAM6_MODEL macro internally uses another macro
+X86_MATCH_VENDOR_FAM_MODEL_FEATURE for X86 based CPU matching with
+appropriate initialized values.
+
+Reported-by: Dave Hansen
+Link: https://lore.kernel.org/lkml/28ead36b-2d9e-1a36-6f4e-04684e420260@intel.com
+Fixes: eb52bc2ae5b8 ("powercap: RAPL: Add Power Limit4 support for Meteor Lake SoC")
+Fixes: b08b95cf30f5 ("powercap: RAPL: Add Power Limit4 support for Alder Lake-N and Raptor Lake-P")
+Fixes: 515755906921 ("powercap: RAPL: Add Power Limit4 support for RaptorLake")
+Fixes: 1cc5b9a411e4 ("powercap: Add Power Limit4 support for Alder Lake SoC")
+Fixes: 8365a898fe53 ("powercap: Add Power Limit4 support")
+Signed-off-by: Sumeet Pawnikar
+Signed-off-by: Rafael J. Wysocki
+[ Ricardo: I only kept TIGERLAKE, ALDERLAKE, and ALDERLAKE_L in
+ pl4_support_ids as only these models are enumerated before this
+ changeset. ]
+Signed-off-by: Ricardo Neri
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/powercap/intel_rapl_msr.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/powercap/intel_rapl_msr.c
++++ b/drivers/powercap/intel_rapl_msr.c
+@@ -136,9 +136,9 @@ static int rapl_msr_write_raw(int cpu, s
+
+ /* List of verified CPUs. */
+ static const struct x86_cpu_id pl4_support_ids[] = {
+- { X86_VENDOR_INTEL, 6, INTEL_FAM6_TIGERLAKE_L, X86_FEATURE_ANY },
+- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ALDERLAKE, X86_FEATURE_ANY },
+- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ALDERLAKE_L, X86_FEATURE_ANY },
++ X86_MATCH_INTEL_FAM6_MODEL(TIGERLAKE_L, NULL),
++ X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, NULL),
++ X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, NULL),
+ {}
+ };
+
diff --git a/queue-5.15/selinux-smack-don-t-bypass-permissions-check-in-inode_setsecctx-hook.patch b/queue-5.15/selinux-smack-don-t-bypass-permissions-check-in-inode_setsecctx-hook.patch
new file mode 100644
index 00000000000..3be778af02e
--- /dev/null
+++ b/queue-5.15/selinux-smack-don-t-bypass-permissions-check-in-inode_setsecctx-hook.patch
@@ -0,0 +1,74 @@
+From 76a0e79bc84f466999fa501fce5bf7a07641b8a7 Mon Sep 17 00:00:00 2001
+From: Scott Mayhew
+Date: Wed, 28 Aug 2024 15:51:29 -0400
+Subject: selinux,smack: don't bypass permissions check in inode_setsecctx hook
+
+From: Scott Mayhew
+
+commit 76a0e79bc84f466999fa501fce5bf7a07641b8a7 upstream.
+
+Marek Gresko reports that the root user on an NFS client is able to
+change the security labels on files on an NFS filesystem that is
+exported with root squashing enabled.
+
+The end of the kerneldoc comment for __vfs_setxattr_noperm() states:
+
+ * This function requires the caller to lock the inode's i_mutex before it
+ * is executed. It also assumes that the caller will make the appropriate
+ * permission checks.
+
+nfsd_setattr() does do permissions checking via fh_verify() and
+nfsd_permission(), but those don't do all the same permissions checks
+that are done by security_inode_setxattr() and its related LSM hooks do.
+
+Since nfsd_setattr() is the only consumer of security_inode_setsecctx(),
+simplest solution appears to be to replace the call to
+__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked(). This
+fixes the above issue and has the added benefit of causing nfsd to
+recall conflicting delegations on a file when a client tries to change
+its security label.
+
+Cc: stable@kernel.org
+Reported-by: Marek Gresko
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=218809
+Signed-off-by: Scott Mayhew
+Tested-by: Stephen Smalley
+Reviewed-by: Stephen Smalley
+Reviewed-by: Chuck Lever
+Reviewed-by: Jeff Layton
+Acked-by: Casey Schaufler
+Signed-off-by: Paul Moore
+[Shivani: Modified to apply on v5.15.y-v6.1.y]
+Signed-off-by: Shivani Agarwal
+Signed-off-by: Greg Kroah-Hartman
+---
+ security/selinux/hooks.c | 4 ++--
+ security/smack/smack_lsm.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -6727,8 +6727,8 @@ static int selinux_inode_notifysecctx(st
+ */
+ static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+ {
+- return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SELINUX,
+- ctx, ctxlen, 0);
++ return __vfs_setxattr_locked(&init_user_ns, dentry, XATTR_NAME_SELINUX,
++ ctx, ctxlen, 0, NULL);
+ }
+
+ static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+--- a/security/smack/smack_lsm.c
++++ b/security/smack/smack_lsm.c
+@@ -4649,8 +4649,8 @@ static int smack_inode_notifysecctx(stru
+
+ static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+ {
+- return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK,
+- ctx, ctxlen, 0);
++ return __vfs_setxattr_locked(&init_user_ns, dentry, XATTR_NAME_SMACK,
++ ctx, ctxlen, 0, NULL);
+ }
+
+ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
diff --git a/queue-5.15/series b/queue-5.15/series
index 0272955b7e9..333e655ccca 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
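Review bot: Both rewritten hooks, `selinux_inode_setsecctx()` and `smack_inode_setsecctx()`, pass a bare `NULL` as the new last argument of `__vfs_setxattr_locked()` and say nothing about the contract that changes with it. The helper's definition is not on this page, but the description implies it now runs the permission checks and the delegation recall itself, so the result depends on the credentials the caller runs under, and a delegation conflict presumably comes back as an error for the caller to handle. I would document that above each hook, along the lines of `/* Caller holds the inode lock. Permission checks are done here against the current credentials; NULL delegated_inode means a delegation conflict is returned to the caller. */` (wording to be confirmed against the helper). The SELinux kerneldoc that ends at the `*/` context line starts outside the hunk, so the existing comment could not be checked.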
@@ -180,7 +180,6 @@ minmax-avoid-overly-complex-min-max-macro-arguments-.patch
 xen-introduce-generic-helper-checking-for-memory-map.patch
 xen-move-max_pfn-in-xen_memory_setup-out-of-function.patch
 xen-add-capability-to-remap-non-ram-pages-to-differe.patch
-xen-tolerate-acpi-nvs-memory-overlapping-with-xen-al.patch
 selftests-vdso-fix-elf-hash-table-entry-size-for-s39.patch
 selftests-vdso-fix-vdso_config-for-s390.patch
 xen-swiotlb-add-alignment-check-for-dma-buffers.patch
@@ -296,3 +295,8 @@ bonding-fix-unnecessary-warnings-and-logs-from-bond_.patch
 netfilter-nf_tables-keep-deleted-flowtable-hooks-unt.patch
 netfilter-ctnetlink-compile-ctnetlink_label_size-wit.patch
 drm-amd-display-fix-synaptics-cascaded-panamera-dsc-determination.patch
+input-goodix-use-the-new-soc_intel_is_byt-helper.patch
+powercap-rapl-fix-invalid-initialization-for-pl4_supported-field.patch
+x86-mm-switch-to-new-intel-cpu-model-defines.patch
+vfio-pci-fix-potential-memory-leak-in-vfio_intx_enable.patch
+selinux-smack-don-t-bypass-permissions-check-in-inode_setsecctx-hook.patch
diff --git a/queue-5.15/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enable.patch b/queue-5.15/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enable.patch
new file mode 100644
index 00000000000..7e0b6b977a2
--- /dev/null
+++ b/queue-5.15/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enable.patch
@@ -0,0 +1,37 @@
+From 82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2 Mon Sep 17 00:00:00 2001
+From: Ye Bin
+Date: Mon, 15 Apr 2024 09:50:29 +0800
+Subject: vfio/pci: fix potential memory leak in vfio_intx_enable()
+
+From: Ye Bin
+
+commit 82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2 upstream.
+
+If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.
+
+Fixes: 18c198c96a81 ("vfio/pci: Create persistent INTx handler")
+Signed-off-by: Ye Bin
+Reviewed-by: Kevin Tian
+Acked-by: Reinette Chatre
+Link: https://lore.kernel.org/r/20240415015029.3699844-1-yebin10@huawei.com
+Signed-off-by: Alex Williamson
+Signed-off-by: Oleksandr Tymoshenko
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/vfio/pci/vfio_pci_intrs.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/vfio/pci/vfio_pci_intrs.c
++++ b/drivers/vfio/pci/vfio_pci_intrs.c
+@@ -181,8 +181,10 @@ static int vfio_intx_enable(struct vfio_
+ return -ENOMEM;
+
+ vdev->ctx = kzalloc(sizeof(struct vfio_pci_irq_ctx), GFP_KERNEL);
+- if (!vdev->ctx)
++ if (!vdev->ctx) {
++ kfree(name);
+ return -ENOMEM;
++ }
+
+ vdev->num_ctx = 1;
+
diff --git a/queue-5.15/x86-mm-switch-to-new-intel-cpu-model-defines.patch b/queue-5.15/x86-mm-switch-to-new-intel-cpu-model-defines.patch
new file mode 100644
index 00000000000..ffd90228fc1
--- /dev/null
+++ b/queue-5.15/x86-mm-switch-to-new-intel-cpu-model-defines.patch
@@ -0,0 +1,57 @@
+From 2eda374e883ad297bd9fe575a16c1dc850346075 Mon Sep 17 00:00:00 2001
+From: Tony Luck
+Date: Wed, 24 Apr 2024 11:15:18 -0700
+Subject: x86/mm: Switch to new Intel CPU model defines
+
+From: Tony Luck
+
+commit 2eda374e883ad297bd9fe575a16c1dc850346075 upstream.
+
+New CPU #defines encode vendor and family as well as model.
+
+[ dhansen: vertically align 0's in invlpg_miss_ids[] ]
+
+Signed-off-by: Tony Luck
+Signed-off-by: Dave Hansen
+Signed-off-by: Borislav Petkov (AMD)
+Link: https://lore.kernel.org/all/20240424181518.41946-1-tony.luck%40intel.com
+[ Ricardo: I used the old match macro X86_MATCH_INTEL_FAM6_MODEL()
+ instead of X86_MATCH_VFM() as in the upstream commit.
+ I also kept the ALDERLAKE_N name instead of ATOM_GRACEMONT. Both refer
+ to the same CPU model. ]
+Signed-off-by: Ricardo Neri
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/mm/init.c | 16 ++++++----------
+ 1 file changed, 6 insertions(+), 10 deletions(-)
+
+--- a/arch/x86/mm/init.c
++++ b/arch/x86/mm/init.c
+@@ -263,21 +263,17 @@ static void __init probe_page_size_mask(
+ }
+ }
+
+-#define INTEL_MATCH(_model) { .vendor = X86_VENDOR_INTEL, \
+- .family = 6, \
+- .model = _model, \
+- }
+ /*
+ * INVLPG may not properly flush Global entries
+ * on these CPUs when PCIDs are enabled.
+ */
+ static const struct x86_cpu_id invlpg_miss_ids[] = {
+- INTEL_MATCH(INTEL_FAM6_ALDERLAKE ),
+- INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L ),
+- INTEL_MATCH(INTEL_FAM6_ALDERLAKE_N ),
+- INTEL_MATCH(INTEL_FAM6_RAPTORLAKE ),
+- INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P),
+- INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S),
++ X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0),
++ X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0),
++ X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0),
++ X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0),
++ X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0),
++ X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0),
+ {}
+ };
+
diff --git a/queue-5.15/xen-tolerate-acpi-nvs-memory-overlapping-with-xen-al.patch b/queue-5.15/xen-tolerate-acpi-nvs-memory-overlapping-with-xen-al.patch
deleted file mode 100644
index 10c10dace20..00000000000
--- a/queue-5.15/xen-tolerate-acpi-nvs-memory-overlapping-with-xen-al.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From b9991477d70059e93a1f1819586a77aaf509149b Mon Sep 17 00:00:00 2001
-From: Sasha Levin
-Date: Fri, 2 Aug 2024 20:14:22 +0200
-Subject: xen: tolerate ACPI NVS memory overlapping with Xen allocated memory
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Juergen Gross
-
-[ Upstream commit be35d91c8880650404f3bf813573222dfb106935 ]
-
-In order to minimize required special handling for running as Xen PV
-dom0, the memory layout is modified to match that of the host. This
-requires to have only RAM at the locations where Xen allocated memory
-is living. Unfortunately there seem to be some machines, where ACPI
-NVS is located at 64 MB, resulting in a conflict with the loaded
-kernel or the initial page tables built by Xen.
-
-Avoid this conflict by swapping the ACPI NVS area in the memory map
-with unused RAM. This is possible via modification of the dom0 P2M map.
-Accesses to the ACPI NVS area are done either for saving and restoring
-it across suspend operations (this will work the same way as before),
-or by ACPI code when NVS memory is referenced from other ACPI tables.
-The latter case is handled by a Xen specific indirection of
-acpi_os_ioremap().
-
-While the E820 map can (and should) be modified right away, the P2M
-map can be updated only after memory allocation is working, as the P2M
-map might need to be extended.
-
-Fixes: 808fdb71936c ("xen: check for kernel memory conflicting with memory layout")
-Signed-off-by: Juergen Gross
-Tested-by: Marek Marczykowski-Górecki
-Reviewed-by: Jan Beulich
-Signed-off-by: Juergen Gross
-Signed-off-by: Sasha Levin
----
- arch/x86/xen/setup.c | 92 +++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 91 insertions(+), 1 deletion(-)
-
-diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
-index ffe2b3918cbb2..5126b5b79383b 100644
---- a/arch/x86/xen/setup.c
-+++ b/arch/x86/xen/setup.c
-@@ -539,6 +539,8 @@ void __init xen_remap_memory(void)
- set_pte_mfn(buf, mfn_save, PAGE_KERNEL);
-
- pr_info("Remapped %ld page(s)\n", remapped);
-+
-+ xen_do_remap_nonram();
- }
-
- static unsigned long __init xen_get_pages_limit(void)
-@@ -669,14 +671,102 @@ phys_addr_t __init xen_find_free_area(phys_addr_t size)
- return 0;
- }
-
-+/*
-+ * Swap a non-RAM E820 map entry with RAM above ini_nr_pages.
-+ * Note that the E820 map is modified accordingly, but the P2M map isn't yet.
-+ * The adaption of the P2M must be deferred until page allocation is possible.
-+ */
-+static void __init xen_e820_swap_entry_with_ram(struct e820_entry *swap_entry)
-+{
-+ struct e820_entry *entry;
-+ unsigned int mapcnt;
-+ phys_addr_t mem_end = PFN_PHYS(ini_nr_pages);
-+ phys_addr_t swap_addr, swap_size, entry_end;
-+
-+ swap_addr = PAGE_ALIGN_DOWN(swap_entry->addr);
-+ swap_size = PAGE_ALIGN(swap_entry->addr - swap_addr + swap_entry->size);
-+ entry = xen_e820_table.entries;
-+
-+ for (mapcnt = 0; mapcnt < xen_e820_table.nr_entries; mapcnt++) {
-+ entry_end = entry->addr + entry->size;
-+ if (entry->type == E820_TYPE_RAM && entry->size >= swap_size &&
-+ entry_end - swap_size >= mem_end) {
-+ /* Reduce RAM entry by needed space (whole pages). */
-+ entry->size -= swap_size;
-+
-+ /* Add new entry at the end of E820 map. */
-+ entry = xen_e820_table.entries +
-+ xen_e820_table.nr_entries;
-+ xen_e820_table.nr_entries++;
-+
-+ /* Fill new entry (keep size and page offset). */
-+ entry->type = swap_entry->type;
-+ entry->addr = entry_end - swap_size +
-+ swap_addr - swap_entry->addr;
-+ entry->size = swap_entry->size;
-+
-+ /* Convert old entry to RAM, align to pages. */
-+ swap_entry->type = E820_TYPE_RAM;
-+ swap_entry->addr = swap_addr;
-+ swap_entry->size = swap_size;
-+
-+ /* Remember PFN<->MFN relation for P2M update. */
-+ xen_add_remap_nonram(swap_addr, entry_end - swap_size,
-+ swap_size);
-+
-+ /* Order E820 table and merge entries. */
-+ e820__update_table(&xen_e820_table);
-+
-+ return;
-+ }
-+
-+ entry++;
-+ }
-+
-+ xen_raw_console_write("No suitable area found for required E820 entry remapping action\n");
-+ BUG();
-+}
-+
-+/*
-+ * Look for non-RAM memory types in a specific guest physical area and move
-+ * those away if possible (ACPI NVS only for now).
-+ */
-+static void __init xen_e820_resolve_conflicts(phys_addr_t start,
-+ phys_addr_t size)
-+{
-+ struct e820_entry *entry;
-+ unsigned int mapcnt;
-+ phys_addr_t end;
-+
-+ if (!size)
-+ return;
-+
-+ end = start + size;
-+ entry = xen_e820_table.entries;
-+
-+ for (mapcnt = 0; mapcnt < xen_e820_table.nr_entries; mapcnt++) {
-+ if (entry->addr >= end)
-+ return;
-+
-+ if (entry->addr + entry->size > start &&
-+ entry->type == E820_TYPE_NVS)
-+ xen_e820_swap_entry_with_ram(entry);
-+
-+ entry++;
-+ }
-+}
-+
- /*
- * Check for an area in physical memory to be usable for non-movable purposes.
-- * An area is considered to usable if the used E820 map lists it to be RAM.
-+ * An area is considered to usable if the used E820 map lists it to be RAM or
-+ * some other type which can be moved to higher PFNs while keeping the MFNs.
- * In case the area is not usable, crash the system with an error message.
- */
- void __init xen_chk_is_e820_usable(phys_addr_t start, phys_addr_t size,
- const char *component)
- {
-+ xen_e820_resolve_conflicts(start, size);
-+
- if (!xen_is_e820_reserved(start, size))
- return;
-
---
-2.43.0
-