From 2159da98369e966a9353cace6c0b96e48e702fc3 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sat, 8 Oct 2022 22:12:27 -0400 Subject: [PATCH] Fixes for 4.19 Signed-off-by: Sasha Levin --- ...-sdio-compatible-remove-sdhci-misnom.patch | 77 ++++++++ ..._dma-cleanup-for-fetching-xlnx-num-f.patch | 35 ++++ ..._dma-report-error-in-case-of-dma_set.patch | 47 +++++ ...mi-add-scmi-pm-driver-remove-routine.patch | 81 ++++++++ ...ix-uninit-value-bug-in-dgram_sendmsg.patch | 173 ++++++++++++++++++ ...i-qedf-fix-a-uaf-bug-in-__qedf_probe.patch | 76 ++++++++ queue-4.19/series | 8 + ...iler-warning-in-arch-x86-um-tls_32.c.patch | 70 +++++++ ...call_handler_t-cast-in-syscalls_32.h.patch | 41 +++++ 9 files changed, 608 insertions(+) create mode 100644 queue-4.19/arm-dts-fix-moxa-sdio-compatible-remove-sdhci-misnom.patch create mode 100644 queue-4.19/dmaengine-xilinx_dma-cleanup-for-fetching-xlnx-num-f.patch create mode 100644 queue-4.19/dmaengine-xilinx_dma-report-error-in-case-of-dma_set.patch create mode 100644 queue-4.19/firmware-arm_scmi-add-scmi-pm-driver-remove-routine.patch create mode 100644 queue-4.19/net-ieee802154-fix-uninit-value-bug-in-dgram_sendmsg.patch create mode 100644 queue-4.19/scsi-qedf-fix-a-uaf-bug-in-__qedf_probe.patch create mode 100644 queue-4.19/um-cleanup-compiler-warning-in-arch-x86-um-tls_32.c.patch create mode 100644 queue-4.19/um-cleanup-syscall_handler_t-cast-in-syscalls_32.h.patch diff --git a/queue-4.19/arm-dts-fix-moxa-sdio-compatible-remove-sdhci-misnom.patch b/queue-4.19/arm-dts-fix-moxa-sdio-compatible-remove-sdhci-misnom.patch new file mode 100644 index 00000000000..c45913c8c79 --- /dev/null +++ b/queue-4.19/arm-dts-fix-moxa-sdio-compatible-remove-sdhci-misnom.patch @@ -0,0 +1,77 @@ +From 3af5a5c55aecfa23747084b49f2621adc6905c48 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 7 Sep 2022 20:53:41 +0300 +Subject: ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer + +From: Sergei Antonov + +[ Upstream commit 02181e68275d28cab3c3f755852770367f1bc229 ] + +Driver moxart-mmc.c has .compatible = "moxa,moxart-mmc". + +But moxart .dts/.dtsi and the documentation file moxa,moxart-dma.txt +contain compatible = "moxa,moxart-sdhci". + +Change moxart .dts/.dtsi files and moxa,moxart-dma.txt to match the driver. + +Replace 'sdhci' with 'mmc' in names too, since SDHCI is a different +controller from FTSDC010. + +Suggested-by: Arnd Bergmann +Signed-off-by: Sergei Antonov +Cc: Jonas Jensen +Link: https://lore.kernel.org/r/20220907175341.1477383-1-saproj@gmail.com' +Signed-off-by: Arnd Bergmann +Signed-off-by: Sasha Levin +--- + Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt | 4 ++-- + arch/arm/boot/dts/moxart-uc7112lx.dts | 2 +- + arch/arm/boot/dts/moxart.dtsi | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt b/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt +index 8a9f3559335b..7e14e26676ec 100644 +--- a/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt ++++ b/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt +@@ -34,8 +34,8 @@ Example: + Use specific request line passing from dma + For example, MMC request line is 5 + +- sdhci: sdhci@98e00000 { +- compatible = "moxa,moxart-sdhci"; ++ mmc: mmc@98e00000 { ++ compatible = "moxa,moxart-mmc"; + reg = <0x98e00000 0x5C>; + interrupts = <5 0>; + clocks = <&clk_apb>; +diff --git a/arch/arm/boot/dts/moxart-uc7112lx.dts b/arch/arm/boot/dts/moxart-uc7112lx.dts +index 4a962a26482d..59d8775a3a93 100644 +--- a/arch/arm/boot/dts/moxart-uc7112lx.dts ++++ b/arch/arm/boot/dts/moxart-uc7112lx.dts +@@ -80,7 +80,7 @@ &clk_pll { + clocks = <&ref12>; + }; + +-&sdhci { ++&mmc { + status = "okay"; + }; + +diff --git a/arch/arm/boot/dts/moxart.dtsi b/arch/arm/boot/dts/moxart.dtsi +index da7b3237bfe9..804a2bc6ec82 100644 +--- a/arch/arm/boot/dts/moxart.dtsi ++++ b/arch/arm/boot/dts/moxart.dtsi +@@ -93,8 +93,8 @@ watchdog: watchdog@98500000 { + clock-names = "PCLK"; + }; + +- sdhci: sdhci@98e00000 { +- compatible = "moxa,moxart-sdhci"; ++ mmc: mmc@98e00000 { ++ compatible = "moxa,moxart-mmc"; + reg = <0x98e00000 0x5C>; + interrupts = <5 IRQ_TYPE_LEVEL_HIGH>; + clocks = <&clk_apb>; +-- +2.35.1 + diff --git a/queue-4.19/dmaengine-xilinx_dma-cleanup-for-fetching-xlnx-num-f.patch b/queue-4.19/dmaengine-xilinx_dma-cleanup-for-fetching-xlnx-num-f.patch new file mode 100644 index 00000000000..d24d55fbe08 --- /dev/null +++ b/queue-4.19/dmaengine-xilinx_dma-cleanup-for-fetching-xlnx-num-f.patch @@ -0,0 +1,35 @@ +From a56cd295543cd52349059788380b472016bdc2e0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Aug 2022 11:41:24 +0530 +Subject: dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property + +From: Swati Agarwal + +[ Upstream commit 462bce790e6a7e68620a4ce260cc38f7ed0255d5 ] + +Free the allocated resources for missing xlnx,num-fstores property. + +Signed-off-by: Swati Agarwal +Link: https://lore.kernel.org/r/20220817061125.4720-3-swati.agarwal@xilinx.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/xilinx/xilinx_dma.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/dma/xilinx/xilinx_dma.c b/drivers/dma/xilinx/xilinx_dma.c +index 3f38df6b51f2..f72803587b8f 100644 +--- a/drivers/dma/xilinx/xilinx_dma.c ++++ b/drivers/dma/xilinx/xilinx_dma.c +@@ -2654,7 +2654,7 @@ static int xilinx_dma_probe(struct platform_device *pdev) + if (err < 0) { + dev_err(xdev->dev, + "missing xlnx,num-fstores property\n"); +- return err; ++ goto disable_clks; + } + + err = of_property_read_u32(node, "xlnx,flush-fsync", +-- +2.35.1 + diff --git a/queue-4.19/dmaengine-xilinx_dma-report-error-in-case-of-dma_set.patch b/queue-4.19/dmaengine-xilinx_dma-report-error-in-case-of-dma_set.patch new file mode 100644 index 00000000000..b52e004342d --- /dev/null +++ b/queue-4.19/dmaengine-xilinx_dma-report-error-in-case-of-dma_set.patch @@ -0,0 +1,47 @@ +From d2e7b86e0794ac6b93cb710e21c33a9f74aee758 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Aug 2022 11:41:25 +0530 +Subject: dmaengine: xilinx_dma: Report error in case of + dma_set_mask_and_coherent API failure + +From: Swati Agarwal + +[ Upstream commit 8f2b6bc79c32f0fa60df000ae387a790ec80eae9 ] + +The driver does not handle the failure case while calling +dma_set_mask_and_coherent API. + +In case of failure, capture the return value of API and then report an +error. + +Addresses-coverity: Unchecked return value (CHECKED_RETURN) + +Signed-off-by: Swati Agarwal +Reviewed-by: Radhey Shyam Pandey +Link: https://lore.kernel.org/r/20220817061125.4720-4-swati.agarwal@xilinx.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/xilinx/xilinx_dma.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/drivers/dma/xilinx/xilinx_dma.c b/drivers/dma/xilinx/xilinx_dma.c +index f72803587b8f..0ba70be4ea85 100644 +--- a/drivers/dma/xilinx/xilinx_dma.c ++++ b/drivers/dma/xilinx/xilinx_dma.c +@@ -2674,7 +2674,11 @@ static int xilinx_dma_probe(struct platform_device *pdev) + xdev->ext_addr = false; + + /* Set the dma mask bits */ +- dma_set_mask_and_coherent(xdev->dev, DMA_BIT_MASK(addr_width)); ++ err = dma_set_mask_and_coherent(xdev->dev, DMA_BIT_MASK(addr_width)); ++ if (err < 0) { ++ dev_err(xdev->dev, "DMA mask error %d\n", err); ++ goto disable_clks; ++ } + + /* Initialize the DMA engine */ + xdev->common.dev = &pdev->dev; +-- +2.35.1 + diff --git a/queue-4.19/firmware-arm_scmi-add-scmi-pm-driver-remove-routine.patch b/queue-4.19/firmware-arm_scmi-add-scmi-pm-driver-remove-routine.patch new file mode 100644 index 00000000000..4d53afbbbe0 --- /dev/null +++ b/queue-4.19/firmware-arm_scmi-add-scmi-pm-driver-remove-routine.patch @@ -0,0 +1,81 @@ +From 5bed4620cd2aaa31ba0c9e55cef6d004763b61b6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Aug 2022 18:27:31 +0100 +Subject: firmware: arm_scmi: Add SCMI PM driver remove routine + +From: Cristian Marussi + +[ Upstream commit dea796fcab0a219830831c070b8dc367d7e0f708 ] + +Currently, when removing the SCMI PM driver not all the resources +registered with genpd subsystem are properly de-registered. + +As a side effect of this after a driver unload/load cycle you get a +splat with a few warnings like this: + + | debugfs: Directory 'BIG_CPU0' with parent 'pm_genpd' already present! + | debugfs: Directory 'BIG_CPU1' with parent 'pm_genpd' already present! + | debugfs: Directory 'LITTLE_CPU0' with parent 'pm_genpd' already present! + | debugfs: Directory 'LITTLE_CPU1' with parent 'pm_genpd' already present! + | debugfs: Directory 'LITTLE_CPU2' with parent 'pm_genpd' already present! + | debugfs: Directory 'LITTLE_CPU3' with parent 'pm_genpd' already present! + | debugfs: Directory 'BIG_SSTOP' with parent 'pm_genpd' already present! + | debugfs: Directory 'LITTLE_SSTOP' with parent 'pm_genpd' already present! + | debugfs: Directory 'DBGSYS' with parent 'pm_genpd' already present! + | debugfs: Directory 'GPUTOP' with parent 'pm_genpd' already present! + +Add a proper scmi_pm_domain_remove callback to the driver in order to +take care of all the needed cleanups not handled by devres framework. + +Link: https://lore.kernel.org/r/20220817172731.1185305-7-cristian.marussi@arm.com +Signed-off-by: Cristian Marussi +Signed-off-by: Sudeep Holla +Signed-off-by: Sasha Levin +--- + drivers/firmware/arm_scmi/scmi_pm_domain.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/drivers/firmware/arm_scmi/scmi_pm_domain.c b/drivers/firmware/arm_scmi/scmi_pm_domain.c +index 177874adccf0..b0c8962b9885 100644 +--- a/drivers/firmware/arm_scmi/scmi_pm_domain.c ++++ b/drivers/firmware/arm_scmi/scmi_pm_domain.c +@@ -106,9 +106,28 @@ static int scmi_pm_domain_probe(struct scmi_device *sdev) + scmi_pd_data->domains = domains; + scmi_pd_data->num_domains = num_domains; + ++ dev_set_drvdata(dev, scmi_pd_data); ++ + return of_genpd_add_provider_onecell(np, scmi_pd_data); + } + ++static void scmi_pm_domain_remove(struct scmi_device *sdev) ++{ ++ int i; ++ struct genpd_onecell_data *scmi_pd_data; ++ struct device *dev = &sdev->dev; ++ struct device_node *np = dev->of_node; ++ ++ of_genpd_del_provider(np); ++ ++ scmi_pd_data = dev_get_drvdata(dev); ++ for (i = 0; i < scmi_pd_data->num_domains; i++) { ++ if (!scmi_pd_data->domains[i]) ++ continue; ++ pm_genpd_remove(scmi_pd_data->domains[i]); ++ } ++} ++ + static const struct scmi_device_id scmi_id_table[] = { + { SCMI_PROTOCOL_POWER }, + { }, +@@ -118,6 +137,7 @@ MODULE_DEVICE_TABLE(scmi, scmi_id_table); + static struct scmi_driver scmi_power_domain_driver = { + .name = "scmi-power-domain", + .probe = scmi_pm_domain_probe, ++ .remove = scmi_pm_domain_remove, + .id_table = scmi_id_table, + }; + module_scmi_driver(scmi_power_domain_driver); +-- +2.35.1 + diff --git a/queue-4.19/net-ieee802154-fix-uninit-value-bug-in-dgram_sendmsg.patch b/queue-4.19/net-ieee802154-fix-uninit-value-bug-in-dgram_sendmsg.patch new file mode 100644 index 00000000000..df9796e8427 --- /dev/null +++ b/queue-4.19/net-ieee802154-fix-uninit-value-bug-in-dgram_sendmsg.patch @@ -0,0 +1,173 @@ +From 0f46bc546583c4a77fce88461dc31bd61f85de00 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Sep 2022 20:19:27 +0800 +Subject: net/ieee802154: fix uninit value bug in dgram_sendmsg + +From: Haimin Zhang + +[ Upstream commit 94160108a70c8af17fa1484a37e05181c0e094af ] + +There is uninit value bug in dgram_sendmsg function in +net/ieee802154/socket.c when the length of valid data pointed by the +msg->msg_name isn't verified. + +We introducing a helper function ieee802154_sockaddr_check_size to +check namelen. First we check there is addr_type in ieee802154_addr_sa. +Then, we check namelen according to addr_type. + +Also fixed in raw_bind, dgram_bind, dgram_connect. + +Signed-off-by: Haimin Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + include/net/ieee802154_netdev.h | 37 +++++++++++++++++++++++++++++ + net/ieee802154/socket.c | 42 ++++++++++++++++++--------------- + 2 files changed, 60 insertions(+), 19 deletions(-) + +diff --git a/include/net/ieee802154_netdev.h b/include/net/ieee802154_netdev.h +index c4b31601cd53..fd1665baa179 100644 +--- a/include/net/ieee802154_netdev.h ++++ b/include/net/ieee802154_netdev.h +@@ -23,6 +23,22 @@ + #ifndef IEEE802154_NETDEVICE_H + #define IEEE802154_NETDEVICE_H + ++#define IEEE802154_REQUIRED_SIZE(struct_type, member) \ ++ (offsetof(typeof(struct_type), member) + \ ++ sizeof(((typeof(struct_type) *)(NULL))->member)) ++ ++#define IEEE802154_ADDR_OFFSET \ ++ offsetof(typeof(struct sockaddr_ieee802154), addr) ++ ++#define IEEE802154_MIN_NAMELEN (IEEE802154_ADDR_OFFSET + \ ++ IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, addr_type)) ++ ++#define IEEE802154_NAMELEN_SHORT (IEEE802154_ADDR_OFFSET + \ ++ IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, short_addr)) ++ ++#define IEEE802154_NAMELEN_LONG (IEEE802154_ADDR_OFFSET + \ ++ IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, hwaddr)) ++ + #include + #include + #include +@@ -173,6 +189,27 @@ static inline void ieee802154_devaddr_to_raw(void *raw, __le64 addr) + memcpy(raw, &temp, IEEE802154_ADDR_LEN); + } + ++static inline int ++ieee802154_sockaddr_check_size(struct sockaddr_ieee802154 *daddr, int len) ++{ ++ struct ieee802154_addr_sa *sa; ++ ++ sa = &daddr->addr; ++ if (len < IEEE802154_MIN_NAMELEN) ++ return -EINVAL; ++ switch (sa->addr_type) { ++ case IEEE802154_ADDR_SHORT: ++ if (len < IEEE802154_NAMELEN_SHORT) ++ return -EINVAL; ++ break; ++ case IEEE802154_ADDR_LONG: ++ if (len < IEEE802154_NAMELEN_LONG) ++ return -EINVAL; ++ break; ++ } ++ return 0; ++} ++ + static inline void ieee802154_addr_from_sa(struct ieee802154_addr *a, + const struct ieee802154_addr_sa *sa) + { +diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c +index 14c6fac039f9..80495c88bfb9 100644 +--- a/net/ieee802154/socket.c ++++ b/net/ieee802154/socket.c +@@ -213,8 +213,9 @@ static int raw_bind(struct sock *sk, struct sockaddr *_uaddr, int len) + int err = 0; + struct net_device *dev = NULL; + +- if (len < sizeof(*uaddr)) +- return -EINVAL; ++ err = ieee802154_sockaddr_check_size(uaddr, len); ++ if (err < 0) ++ return err; + + uaddr = (struct sockaddr_ieee802154 *)_uaddr; + if (uaddr->family != AF_IEEE802154) +@@ -509,7 +510,8 @@ static int dgram_bind(struct sock *sk, struct sockaddr *uaddr, int len) + + ro->bound = 0; + +- if (len < sizeof(*addr)) ++ err = ieee802154_sockaddr_check_size(addr, len); ++ if (err < 0) + goto out; + + if (addr->family != AF_IEEE802154) +@@ -580,8 +582,9 @@ static int dgram_connect(struct sock *sk, struct sockaddr *uaddr, + struct dgram_sock *ro = dgram_sk(sk); + int err = 0; + +- if (len < sizeof(*addr)) +- return -EINVAL; ++ err = ieee802154_sockaddr_check_size(addr, len); ++ if (err < 0) ++ return err; + + if (addr->family != AF_IEEE802154) + return -EINVAL; +@@ -620,6 +623,7 @@ static int dgram_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) + struct ieee802154_mac_cb *cb; + struct dgram_sock *ro = dgram_sk(sk); + struct ieee802154_addr dst_addr; ++ DECLARE_SOCKADDR(struct sockaddr_ieee802154*, daddr, msg->msg_name); + int hlen, tlen; + int err; + +@@ -628,10 +632,20 @@ static int dgram_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) + return -EOPNOTSUPP; + } + +- if (!ro->connected && !msg->msg_name) +- return -EDESTADDRREQ; +- else if (ro->connected && msg->msg_name) +- return -EISCONN; ++ if (msg->msg_name) { ++ if (ro->connected) ++ return -EISCONN; ++ if (msg->msg_namelen < IEEE802154_MIN_NAMELEN) ++ return -EINVAL; ++ err = ieee802154_sockaddr_check_size(daddr, msg->msg_namelen); ++ if (err < 0) ++ return err; ++ ieee802154_addr_from_sa(&dst_addr, &daddr->addr); ++ } else { ++ if (!ro->connected) ++ return -EDESTADDRREQ; ++ dst_addr = ro->dst_addr; ++ } + + if (!ro->bound) + dev = dev_getfirstbyhwtype(sock_net(sk), ARPHRD_IEEE802154); +@@ -667,16 +681,6 @@ static int dgram_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) + cb = mac_cb_init(skb); + cb->type = IEEE802154_FC_TYPE_DATA; + cb->ackreq = ro->want_ack; +- +- if (msg->msg_name) { +- DECLARE_SOCKADDR(struct sockaddr_ieee802154*, +- daddr, msg->msg_name); +- +- ieee802154_addr_from_sa(&dst_addr, &daddr->addr); +- } else { +- dst_addr = ro->dst_addr; +- } +- + cb->secen = ro->secen; + cb->secen_override = ro->secen_override; + cb->seclevel = ro->seclevel; +-- +2.35.1 + diff --git a/queue-4.19/scsi-qedf-fix-a-uaf-bug-in-__qedf_probe.patch b/queue-4.19/scsi-qedf-fix-a-uaf-bug-in-__qedf_probe.patch new file mode 100644 index 00000000000..8704a19fce3 --- /dev/null +++ b/queue-4.19/scsi-qedf-fix-a-uaf-bug-in-__qedf_probe.patch @@ -0,0 +1,76 @@ +From 83985fba833d72e97bf27bc6cb2987ec92e6aad6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 12 Nov 2021 20:06:41 +0800 +Subject: scsi: qedf: Fix a UAF bug in __qedf_probe() + +From: Letu Ren + +[ Upstream commit fbfe96869b782364caebae0445763969ddb6ea67 ] + +In __qedf_probe(), if qedf->cdev is NULL which means +qed_ops->common->probe() failed, then the program will goto label err1, and +scsi_host_put() will free lport->host pointer. Because the memory qedf +points to is allocated by libfc_host_alloc(), it will be freed by +scsi_host_put(). However, the if statement below label err0 only checks +whether qedf is NULL but doesn't check whether the memory has been freed. +So a UAF bug can occur. + +There are two ways to reach the statements below err0. The first one is +described as before, "qedf" should be set to NULL. The second one is goto +"err0" directly. In the latter scenario qedf hasn't been changed and it has +the initial value NULL. As a result the if statement is not reachable in +any situation. + +The KASAN logs are as follows: + +[ 2.312969] BUG: KASAN: use-after-free in __qedf_probe+0x5dcf/0x6bc0 +[ 2.312969] +[ 2.312969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 +[ 2.312969] Call Trace: +[ 2.312969] dump_stack_lvl+0x59/0x7b +[ 2.312969] print_address_description+0x7c/0x3b0 +[ 2.312969] ? __qedf_probe+0x5dcf/0x6bc0 +[ 2.312969] __kasan_report+0x160/0x1c0 +[ 2.312969] ? __qedf_probe+0x5dcf/0x6bc0 +[ 2.312969] kasan_report+0x4b/0x70 +[ 2.312969] ? kobject_put+0x25d/0x290 +[ 2.312969] kasan_check_range+0x2ca/0x310 +[ 2.312969] __qedf_probe+0x5dcf/0x6bc0 +[ 2.312969] ? selinux_kernfs_init_security+0xdc/0x5f0 +[ 2.312969] ? trace_rpm_return_int_rcuidle+0x18/0x120 +[ 2.312969] ? rpm_resume+0xa5c/0x16e0 +[ 2.312969] ? qedf_get_generic_tlv_data+0x160/0x160 +[ 2.312969] local_pci_probe+0x13c/0x1f0 +[ 2.312969] pci_device_probe+0x37e/0x6c0 + +Link: https://lore.kernel.org/r/20211112120641.16073-1-fantasquex@gmail.com +Reported-by: Zheyu Ma +Acked-by: Saurav Kashyap +Co-developed-by: Wende Tan +Signed-off-by: Wende Tan +Signed-off-by: Letu Ren +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/qedf/qedf_main.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c +index b253523217b8..01e27285b26b 100644 +--- a/drivers/scsi/qedf/qedf_main.c ++++ b/drivers/scsi/qedf/qedf_main.c +@@ -3345,11 +3345,6 @@ static int __qedf_probe(struct pci_dev *pdev, int mode) + err1: + scsi_host_put(lport->host); + err0: +- if (qedf) { +- QEDF_INFO(&qedf->dbg_ctx, QEDF_LOG_DISC, "Probe done.\n"); +- +- clear_bit(QEDF_PROBING, &qedf->flags); +- } + return rc; + } + +-- +2.35.1 + diff --git a/queue-4.19/series b/queue-4.19/series index 7315ced256e..28bf3baeb45 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -3,3 +3,11 @@ docs-update-mediator-information-in-coc-docs.patch arm-fix-function-graph-tracer-and-unwinder-dependencies.patch wait_on_bit-add-an-acquire-memory-barrier.patch provide-arch_test_bit_acquire-for-architectures-that-define-test_bit.patch +firmware-arm_scmi-add-scmi-pm-driver-remove-routine.patch +dmaengine-xilinx_dma-cleanup-for-fetching-xlnx-num-f.patch +dmaengine-xilinx_dma-report-error-in-case-of-dma_set.patch +arm-dts-fix-moxa-sdio-compatible-remove-sdhci-misnom.patch +scsi-qedf-fix-a-uaf-bug-in-__qedf_probe.patch +net-ieee802154-fix-uninit-value-bug-in-dgram_sendmsg.patch +um-cleanup-syscall_handler_t-cast-in-syscalls_32.h.patch +um-cleanup-compiler-warning-in-arch-x86-um-tls_32.c.patch diff --git a/queue-4.19/um-cleanup-compiler-warning-in-arch-x86-um-tls_32.c.patch b/queue-4.19/um-cleanup-compiler-warning-in-arch-x86-um-tls_32.c.patch new file mode 100644 index 00000000000..157ad5a1706 --- /dev/null +++ b/queue-4.19/um-cleanup-compiler-warning-in-arch-x86-um-tls_32.c.patch @@ -0,0 +1,70 @@ +From 73c97b290edaebbdd35c1c3d31095bf4a7259baf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 26 Aug 2022 15:29:31 +0000 +Subject: um: Cleanup compiler warning in arch/x86/um/tls_32.c + +From: Lukas Straub + +[ Upstream commit d27fff3499671dc23a08efd01cdb8b3764a391c4 ] + +arch.tls_array is statically allocated so checking for NULL doesn't +make sense. This causes the compiler warning below. + +Remove the checks to silence these warnings. + +../arch/x86/um/tls_32.c: In function 'get_free_idx': +../arch/x86/um/tls_32.c:68:13: warning: the comparison will always evaluate as 'true' for the address of 'tls_array' will never be NULL [-Waddress] + 68 | if (!t->arch.tls_array) + | ^ +In file included from ../arch/x86/um/asm/processor.h:10, + from ../include/linux/rcupdate.h:30, + from ../include/linux/rculist.h:11, + from ../include/linux/pid.h:5, + from ../include/linux/sched.h:14, + from ../arch/x86/um/tls_32.c:7: +../arch/x86/um/asm/processor_32.h:22:31: note: 'tls_array' declared here + 22 | struct uml_tls_struct tls_array[GDT_ENTRY_TLS_ENTRIES]; + | ^~~~~~~~~ +../arch/x86/um/tls_32.c: In function 'get_tls_entry': +../arch/x86/um/tls_32.c:243:13: warning: the comparison will always evaluate as 'true' for the address of 'tls_array' will never be NULL [-Waddress] + 243 | if (!t->arch.tls_array) + | ^ +../arch/x86/um/asm/processor_32.h:22:31: note: 'tls_array' declared here + 22 | struct uml_tls_struct tls_array[GDT_ENTRY_TLS_ENTRIES]; + | ^~~~~~~~~ + +Signed-off-by: Lukas Straub +Acked-by: Randy Dunlap # build-tested +Signed-off-by: Richard Weinberger +Signed-off-by: Sasha Levin +--- + arch/x86/um/tls_32.c | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/arch/x86/um/tls_32.c b/arch/x86/um/tls_32.c +index 5bd949da7a4a..b69ab2409430 100644 +--- a/arch/x86/um/tls_32.c ++++ b/arch/x86/um/tls_32.c +@@ -65,9 +65,6 @@ static int get_free_idx(struct task_struct* task) + struct thread_struct *t = &task->thread; + int idx; + +- if (!t->arch.tls_array) +- return GDT_ENTRY_TLS_MIN; +- + for (idx = 0; idx < GDT_ENTRY_TLS_ENTRIES; idx++) + if (!t->arch.tls_array[idx].present) + return idx + GDT_ENTRY_TLS_MIN; +@@ -242,9 +239,6 @@ static int get_tls_entry(struct task_struct *task, struct user_desc *info, + { + struct thread_struct *t = &task->thread; + +- if (!t->arch.tls_array) +- goto clear; +- + if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) + return -EINVAL; + +-- +2.35.1 + diff --git a/queue-4.19/um-cleanup-syscall_handler_t-cast-in-syscalls_32.h.patch b/queue-4.19/um-cleanup-syscall_handler_t-cast-in-syscalls_32.h.patch new file mode 100644 index 00000000000..224dda6efe1 --- /dev/null +++ b/queue-4.19/um-cleanup-syscall_handler_t-cast-in-syscalls_32.h.patch @@ -0,0 +1,41 @@ +From 1d54fe72c776e7919841c824bcdbe025918ff234 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 26 Aug 2022 15:29:27 +0000 +Subject: um: Cleanup syscall_handler_t cast in syscalls_32.h + +From: Lukas Straub + +[ Upstream commit 61670b4d270c71219def1fbc9441debc2ac2e6e9 ] + +Like in f4f03f299a56ce4d73c5431e0327b3b6cb55ebb9 +"um: Cleanup syscall_handler_t definition/cast, fix warning", +remove the cast to to fix the compiler warning. + +Signed-off-by: Lukas Straub +Acked-by: Randy Dunlap # build-tested +Signed-off-by: Richard Weinberger +Signed-off-by: Sasha Levin +--- + arch/x86/um/shared/sysdep/syscalls_32.h | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/um/shared/sysdep/syscalls_32.h b/arch/x86/um/shared/sysdep/syscalls_32.h +index 68fd2cf526fd..f6e9f84397e7 100644 +--- a/arch/x86/um/shared/sysdep/syscalls_32.h ++++ b/arch/x86/um/shared/sysdep/syscalls_32.h +@@ -6,10 +6,9 @@ + #include + #include + +-typedef long syscall_handler_t(struct pt_regs); ++typedef long syscall_handler_t(struct syscall_args); + + extern syscall_handler_t *sys_call_table[]; + + #define EXECUTE_SYSCALL(syscall, regs) \ +- ((long (*)(struct syscall_args)) \ +- (*sys_call_table[syscall]))(SYSCALL_ARGS(®s->regs)) ++ ((*sys_call_table[syscall]))(SYSCALL_ARGS(®s->regs)) +-- +2.35.1 + -- 2.47.3