From 5346d25d3e20d760bfad1c1fcb6af995daa85eeb Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sun, 6 Jun 2021 16:55:36 -0400 Subject: [PATCH] Fixes for 4.9 Signed-off-by: Sasha Levin --- ...mory_xp-and-efi_memory_ro-both-to-be.patch | 41 ++++++++++++ ...printf-use-in-cper_dimm_err_location.patch | 52 ++++++++++++++++ ...d-i2c-hid-fix-format-string-mismatch.patch | 47 ++++++++++++++ ...-error-return-code-in-hid_pidff_init.patch | 36 +++++++++++ ...rror-return-code-in-ieee802154_add_i.patch | 41 ++++++++++++ ...rror-return-code-in-ieee802154_llsec.patch | 41 ++++++++++++ ...s_svc_f_hashed-flag-when-adding-serv.patch | 62 +++++++++++++++++++ ...ink_cthelper-hit-ebusy-on-updates-if.patch | 45 ++++++++++++++ queue-4.9/series | 11 ++++ ...-error-return-code-in-vfio_ecap_init.patch | 39 ++++++++++++ .../vfio-pci-zap_vma_ptes-needs-mmu.patch | 48 ++++++++++++++ ...rm-fix-module_put-call-in-error-flow.patch | 37 +++++++++++ 12 files changed, 500 insertions(+) create mode 100644 queue-4.9/efi-allow-efi_memory_xp-and-efi_memory_ro-both-to-be.patch create mode 100644 queue-4.9/efi-cper-fix-snprintf-use-in-cper_dimm_err_location.patch create mode 100644 queue-4.9/hid-i2c-hid-fix-format-string-mismatch.patch create mode 100644 queue-4.9/hid-pidff-fix-error-return-code-in-hid_pidff_init.patch create mode 100644 queue-4.9/ieee802154-fix-error-return-code-in-ieee802154_add_i.patch create mode 100644 queue-4.9/ieee802154-fix-error-return-code-in-ieee802154_llsec.patch create mode 100644 queue-4.9/ipvs-ignore-ip_vs_svc_f_hashed-flag-when-adding-serv.patch create mode 100644 queue-4.9/netfilter-nfnetlink_cthelper-hit-ebusy-on-updates-if.patch create mode 100644 queue-4.9/vfio-pci-fix-error-return-code-in-vfio_ecap_init.patch create mode 100644 queue-4.9/vfio-pci-zap_vma_ptes-needs-mmu.patch create mode 100644 queue-4.9/vfio-platform-fix-module_put-call-in-error-flow.patch 
diff --git a/queue-4.9/efi-allow-efi_memory_xp-and-efi_memory_ro-both-to-be.patch b/queue-4.9/efi-allow-efi_memory_xp-and-efi_memory_ro-both-to-be.patch
new file mode 100644
index 00000000000..5ddc4f36544
--- /dev/null
+++ b/queue-4.9/efi-allow-efi_memory_xp-and-efi_memory_ro-both-to-be.patch
@@ -0,0 +1,41 @@
+From 868081d42b0d6aa7049490c74e765158ac7ed977 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 30 Apr 2021 16:22:51 +0200
+Subject: efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
+
+From: Heiner Kallweit
+
+[ Upstream commit 45add3cc99feaaf57d4b6f01d52d532c16a1caee ]
+
+UEFI spec 2.9, p.108, table 4-1 lists the scenario that both attributes
+are cleared with the description "No memory access protection is
+possible for Entry". So we can have valid entries where both attributes
+are cleared, so remove the check.
+
+Signed-off-by: Heiner Kallweit
+Fixes: 10f0d2f577053 ("efi: Implement generic support for the Memory Attributes table")
+Signed-off-by: Ard Biesheuvel
+Signed-off-by: Sasha Levin
+---
+ drivers/firmware/efi/memattr.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/drivers/firmware/efi/memattr.c b/drivers/firmware/efi/memattr.c
+index 9faa09e7c31f..c2b991b9fa9e 100644
+--- a/drivers/firmware/efi/memattr.c
++++ b/drivers/firmware/efi/memattr.c
+@@ -68,11 +68,6 @@ static bool entry_is_valid(const efi_memory_desc_t *in, efi_memory_desc_t *out)
+ return false;
+ }
+
+- if (!(in->attribute & (EFI_MEMORY_RO | EFI_MEMORY_XP))) {
+- pr_warn("Entry attributes invalid: RO and XP bits both cleared\n");
+- return false;
+- }
+-
+ if (PAGE_SIZE > EFI_PAGE_SIZE &&
+ (!PAGE_ALIGNED(in->phys_addr) ||
+ !PAGE_ALIGNED(in->num_pages << EFI_PAGE_SHIFT))) {
+--
+2.30.2
+
diff --git a/queue-4.9/efi-cper-fix-snprintf-use-in-cper_dimm_err_location.patch b/queue-4.9/efi-cper-fix-snprintf-use-in-cper_dimm_err_location.patch
new file mode 100644
index 00000000000..7617be5c8ca
--- /dev/null
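Review bot: With the RO/XP check removed from entry_is_valid(), an entry that clears both bits is now accepted with no trace in the log, so a region the firmware presumably leaves both writable and executable looks the same as a protected one to anyone auditing the runtime mappings. If that spec-permitted case should stay visible, a one-time notice at the removed site would do it, e.g. `pr_info_once("Entry has neither RO nor XP set: no protection applied\n");`. At minimum a comment such as `/* RO and XP both clear is valid (UEFI 2.9, table 4-1): no protection possible */` would stop the check from being re-added later. entry_is_valid() starts and ends outside this hunk, so whether a later stage already reports such entries cannot be seen here.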
+++ b/queue-4.9/efi-cper-fix-snprintf-use-in-cper_dimm_err_location.patch
@@ -0,0 +1,52 @@
+From e079be99040aaa7f118cc199f55179d928f5bd85 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 21 Apr 2021 21:46:36 +0200
+Subject: efi: cper: fix snprintf() use in cper_dimm_err_location()
+
+From: Rasmus Villemoes
+
+[ Upstream commit 942859d969de7f6f7f2659a79237a758b42782da ]
+
+snprintf() should be given the full buffer size, not one less. And it
+guarantees nul-termination, so doing it manually afterwards is
+pointless.
+
+It's even potentially harmful (though probably not in practice because
+CPER_REC_LEN is 256), due to the "return how much would have been
+written had the buffer been big enough" semantics. I.e., if the bank
+and/or device strings are long enough that the "DIMM location ..."
+output gets truncated, writing to msg[n] is a buffer overflow.
+
+Signed-off-by: Rasmus Villemoes
+Fixes: 3760cd20402d4 ("CPER: Adjust code flow of some functions")
+Signed-off-by: Ard Biesheuvel
+Signed-off-by: Sasha Levin
+---
+ drivers/firmware/efi/cper.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
+index c0e54396f250..dc8d2603612e 100644
+--- a/drivers/firmware/efi/cper.c
++++ b/drivers/firmware/efi/cper.c
+@@ -257,8 +257,7 @@ static int cper_dimm_err_location(struct cper_mem_err_compact *mem, char *msg)
+ if (!msg || !(mem->validation_bits & CPER_MEM_VALID_MODULE_HANDLE))
+ return 0;
+
+- n = 0;
+- len = CPER_REC_LEN - 1;
++ len = CPER_REC_LEN;
+ dmi_memdev_name(mem->mem_dev_handle, &bank, &device);
+ if (bank && device)
+ n = snprintf(msg, len, "DIMM location: %s %s ", bank, device);
+@@ -267,7 +266,6 @@ static int cper_dimm_err_location(struct cper_mem_err_compact *mem, char *msg)
+ "DIMM location: not present. DMI handle: 0x%.4x ",
+ mem->mem_dev_handle);
+
+- msg[n] = '\0';
+ return n;
+ }
+
+--
+2.30.2
+
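Review bot: cper_dimm_err_location() still ends with `return n;` on the raw snprintf() result, which on truncation is the length the output would have had rather than the number of bytes stored in `msg`, so with `len = CPER_REC_LEN` the returned value can be equal to or larger than the buffer. The callers are outside these hunks; any of them that uses the return value as an offset or length into the same buffer would repeat the out-of-bounds write the commit message describes for `msg[n]`. Switching both branches to `n = scnprintf(msg, len, "DIMM location: %s %s ", bank, device);` keeps the return value bounded by `len - 1` without changing the output.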
diff --git a/queue-4.9/hid-i2c-hid-fix-format-string-mismatch.patch b/queue-4.9/hid-i2c-hid-fix-format-string-mismatch.patch
new file mode 100644
index 00000000000..cb05172bd95
--- /dev/null
+++ b/queue-4.9/hid-i2c-hid-fix-format-string-mismatch.patch
@@ -0,0 +1,47 @@
+From ea56e386c4b47eadc9035eca41706320b8d2af68 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 14 May 2021 15:58:50 +0200
+Subject: HID: i2c-hid: fix format string mismatch
+
+From: Arnd Bergmann
+
+[ Upstream commit dc5f9f55502e13ba05731d5046a14620aa2ff456 ]
+
+clang doesn't like printing a 32-bit integer using %hX format string:
+
+drivers/hid/i2c-hid/i2c-hid-core.c:994:18: error: format specifies type 'unsigned short' but the argument has type '__u32' (aka 'unsigned int') [-Werror,-Wformat]
+ client->name, hid->vendor, hid->product);
+ ^~~~~~~~~~~
+drivers/hid/i2c-hid/i2c-hid-core.c:994:31: error: format specifies type 'unsigned short' but the argument has type '__u32' (aka 'unsigned int') [-Werror,-Wformat]
+ client->name, hid->vendor, hid->product);
+ ^~~~~~~~~~~~
+
+Use an explicit cast to truncate it to the low 16 bits instead.
+
+Fixes: 9ee3e06610fd ("HID: i2c-hid: override HID descriptors for certain devices")
+Signed-off-by: Arnd Bergmann
+Reviewed-by: Nathan Chancellor
+Signed-off-by: Jiri Kosina
+Signed-off-by: Sasha Levin
+---
+ drivers/hid/i2c-hid/i2c-hid-core.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c
+index 606fd875740c..800c477dd076 100644
+--- a/drivers/hid/i2c-hid/i2c-hid-core.c
++++ b/drivers/hid/i2c-hid/i2c-hid-core.c
+@@ -1157,8 +1157,8 @@ static int i2c_hid_probe(struct i2c_client *client,
+ hid->vendor = le16_to_cpu(ihid->hdesc.wVendorID);
+ hid->product = le16_to_cpu(ihid->hdesc.wProductID);
+
+- snprintf(hid->name, sizeof(hid->name), "%s %04hX:%04hX",
+- client->name, hid->vendor, hid->product);
++ snprintf(hid->name, sizeof(hid->name), "%s %04X:%04X",
++ client->name, (u16)hid->vendor, (u16)hid->product);
+ strlcpy(hid->phys, dev_name(&client->dev), sizeof(hid->phys));
+
+ ihid->quirks = i2c_hid_lookup_quirk(hid->vendor, hid->product);
+--
+2.30.2
+
diff --git a/queue-4.9/hid-pidff-fix-error-return-code-in-hid_pidff_init.patch b/queue-4.9/hid-pidff-fix-error-return-code-in-hid_pidff_init.patch
new file mode 100644
index 00000000000..c3249928003
--- /dev/null
+++ b/queue-4.9/hid-pidff-fix-error-return-code-in-hid_pidff_init.patch
@@ -0,0 +1,36 @@
+From 50a23b660e99da1360f4b623837ec1a726d797f9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 8 May 2021 10:47:37 +0800
+Subject: HID: pidff: fix error return code in hid_pidff_init()
+
+From: Zhen Lei
+
+[ Upstream commit 3dd653c077efda8152f4dd395359617d577a54cd ]
+
+Fix to return a negative error code from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: 224ee88fe395 ("Input: add force feedback driver for PID devices")
+Reported-by: Hulk Robot
+Signed-off-by: Zhen Lei
+Signed-off-by: Jiri Kosina
+Signed-off-by: Sasha Levin
+---
+ drivers/hid/usbhid/hid-pidff.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/hid/usbhid/hid-pidff.c b/drivers/hid/usbhid/hid-pidff.c
+index 08174d341f4a..bc75f1efa0f4 100644
+--- a/drivers/hid/usbhid/hid-pidff.c
++++ b/drivers/hid/usbhid/hid-pidff.c
+@@ -1304,6 +1304,7 @@ int hid_pidff_init(struct hid_device *hid)
+
+ if (pidff->pool[PID_DEVICE_MANAGED_POOL].value &&
+ pidff->pool[PID_DEVICE_MANAGED_POOL].value[0] == 0) {
++ error = -EPERM;
+ hid_notice(hid,
+ "device does not support device managed pool\n");
+ goto fail;
+--
+2.30.2
+
diff --git a/queue-4.9/ieee802154-fix-error-return-code-in-ieee802154_add_i.patch b/queue-4.9/ieee802154-fix-error-return-code-in-ieee802154_add_i.patch
new file mode 100644
index 00000000000..be9530d7546
--- /dev/null
+++ b/queue-4.9/ieee802154-fix-error-return-code-in-ieee802154_add_i.patch
@@ -0,0 +1,41 @@
+From 4748b853accd92734bf0676c56eb969f4fb356db Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 8 May 2021 14:25:17 +0800
+Subject: ieee802154: fix error return code in ieee802154_add_iface()
+
+From: Zhen Lei
+
+[ Upstream commit 79c6b8ed30e54b401c873dbad2511f2a1c525fd5 ]
+
+Fix to return a negative error code from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: be51da0f3e34 ("ieee802154: Stop using NLA_PUT*().")
+Reported-by: Hulk Robot
+Signed-off-by: Zhen Lei
+Link: https://lore.kernel.org/r/20210508062517.2574-1-thunder.leizhen@huawei.com
+Signed-off-by: Stefan Schmidt
+Signed-off-by: Sasha Levin
+---
+ net/ieee802154/nl-phy.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/net/ieee802154/nl-phy.c b/net/ieee802154/nl-phy.c
+index 77d73014bde3..11f53dc0c1c0 100644
+--- a/net/ieee802154/nl-phy.c
++++ b/net/ieee802154/nl-phy.c
+@@ -249,8 +249,10 @@ int ieee802154_add_iface(struct sk_buff *skb, struct genl_info *info)
+ }
+
+ if (nla_put_string(msg, IEEE802154_ATTR_PHY_NAME, wpan_phy_name(phy)) ||
+- nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name))
++ nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name)) {
++ rc = -EMSGSIZE;
+ goto nla_put_failure;
++ }
+ dev_put(dev);
+
+ wpan_phy_put(phy);
+--
+2.30.2
+
diff --git a/queue-4.9/ieee802154-fix-error-return-code-in-ieee802154_llsec.patch b/queue-4.9/ieee802154-fix-error-return-code-in-ieee802154_llsec.patch
new file mode 100644
index 00000000000..ddf11ba5ec5
--- /dev/null
+++ b/queue-4.9/ieee802154-fix-error-return-code-in-ieee802154_llsec.patch
@@ -0,0 +1,41 @@
+From 76db28ec855d3788f6dca704c93d015fe92293e3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 19 May 2021 14:16:14 +0000
+Subject: ieee802154: fix error return code in ieee802154_llsec_getparams()
+
+From: Wei Yongjun
+
+[ Upstream commit 373e864cf52403b0974c2f23ca8faf9104234555 ]
+
+Fix to return negative error code -ENOBUFS from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: 3e9c156e2c21 ("ieee802154: add netlink interfaces for llsec")
+Reported-by: Hulk Robot
+Signed-off-by: Wei Yongjun
+Link: https://lore.kernel.org/r/20210519141614.3040055-1-weiyongjun1@huawei.com
+Signed-off-by: Stefan Schmidt
+Signed-off-by: Sasha Levin
+---
+ net/ieee802154/nl-mac.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/net/ieee802154/nl-mac.c b/net/ieee802154/nl-mac.c
+index c0930b9fe848..7531cb1665d2 100644
+--- a/net/ieee802154/nl-mac.c
++++ b/net/ieee802154/nl-mac.c
+@@ -688,8 +688,10 @@ int ieee802154_llsec_getparams(struct sk_buff *skb, struct genl_info *info)
+ nla_put_u8(msg, IEEE802154_ATTR_LLSEC_SECLEVEL, params.out_level) ||
+ nla_put_u32(msg, IEEE802154_ATTR_LLSEC_FRAME_COUNTER,
+ be32_to_cpu(params.frame_counter)) ||
+- ieee802154_llsec_fill_key_id(msg, ¶ms.out_key))
++ ieee802154_llsec_fill_key_id(msg, ¶ms.out_key)) {
++ rc = -ENOBUFS;
+ goto out_free;
++ }
+
+ dev_put(dev);
+
+--
+2.30.2
+
diff --git a/queue-4.9/ipvs-ignore-ip_vs_svc_f_hashed-flag-when-adding-serv.patch b/queue-4.9/ipvs-ignore-ip_vs_svc_f_hashed-flag-when-adding-serv.patch
new file mode 100644
index 00000000000..1db11f93fa3
--- /dev/null
+++ b/queue-4.9/ipvs-ignore-ip_vs_svc_f_hashed-flag-when-adding-serv.patch
@@ -0,0 +1,62 @@
+From 459e83d60a7842db82af08c062ba9251680e2c27 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 24 May 2021 22:54:57 +0300
+Subject: ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
+
+From: Julian Anastasov
+
+[ Upstream commit 56e4ee82e850026d71223262c07df7d6af3bd872 ]
+
+syzbot reported memory leak [1] when adding service with
+HASHED flag. We should ignore this flag both from sockopt
+and netlink provided data, otherwise the service is not
+hashed and not visible while releasing resources.
+
+[1]
+BUG: memory leak
+unreferenced object 0xffff888115227800 (size 512):
+ comm "syz-executor263", pid 8658, jiffies 4294951882 (age 12.560s)
+ hex dump (first 32 bytes):
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ backtrace:
+ [] kmalloc include/linux/slab.h:556 [inline]
+ [] kzalloc include/linux/slab.h:686 [inline]
+ [] ip_vs_add_service+0x598/0x7c0 net/netfilter/ipvs/ip_vs_ctl.c:1343
+ [] do_ip_vs_set_ctl+0x810/0xa40 net/netfilter/ipvs/ip_vs_ctl.c:2570
+ [] nf_setsockopt+0x68/0xa0 net/netfilter/nf_sockopt.c:101
+ [] ip_setsockopt+0x259/0x1ff0 net/ipv4/ip_sockglue.c:1435
+ [] raw_setsockopt+0x18c/0x1b0 net/ipv4/raw.c:857
+ [] __sys_setsockopt+0x1b0/0x360 net/socket.c:2117
+ [] __do_sys_setsockopt net/socket.c:2128 [inline]
+ [] __se_sys_setsockopt net/socket.c:2125 [inline]
+ [] __x64_sys_setsockopt+0x22/0x30 net/socket.c:2125
+ [] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
+ [] entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Reported-and-tested-by: syzbot+e562383183e4b1766930@syzkaller.appspotmail.com
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Julian Anastasov
+Reviewed-by: Simon Horman
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Sasha Levin
+---
+ net/netfilter/ipvs/ip_vs_ctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
+index ba9e711f7e3d..4e08305a55c4 100644
+--- a/net/netfilter/ipvs/ip_vs_ctl.c
++++ b/net/netfilter/ipvs/ip_vs_ctl.c
+@@ -1256,7 +1256,7 @@ ip_vs_add_service(struct netns_ipvs *ipvs, struct ip_vs_service_user_kern *u,
+ ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
+ svc->port = u->port;
+ svc->fwmark = u->fwmark;
+- svc->flags = u->flags;
++ svc->flags = u->flags & ~IP_VS_SVC_F_HASHED;
+ svc->timeout = u->timeout * HZ;
+ svc->netmask = u->netmask;
+ svc->ipvs = ipvs;
+--
+2.30.2
+
diff --git a/queue-4.9/netfilter-nfnetlink_cthelper-hit-ebusy-on-updates-if.patch b/queue-4.9/netfilter-nfnetlink_cthelper-hit-ebusy-on-updates-if.patch
new file mode 100644
index 00000000000..15844a52afe
--- /dev/null
+++ b/queue-4.9/netfilter-nfnetlink_cthelper-hit-ebusy-on-updates-if.patch
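Review bot: `svc->flags = u->flags & ~IP_VS_SVC_F_HASHED;` strips one kernel-owned bit from a value that, per the commit message, arrives from sockopt or netlink, but every other bit of `u->flags` is still copied into `svc->flags` unchecked. A denylist of one bit has to be revisited each time an internal flag is added; masking with the set of flags userspace is allowed to set would fail closed instead. At minimum a comment above the assignment, `/* HASHED is kernel-owned state: never accept it from userspace */`, would record why the mask is there. ip_vs_add_service() continues outside this hunk, and the path that edits an existing service is not shown, so it should be checked for the same unfiltered assignment.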
@@ -0,0 +1,45 @@
+From cacb86a728eba02f48c0808d65c46a4cb18c25b7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 28 May 2021 13:45:16 +0200
+Subject: netfilter: nfnetlink_cthelper: hit EBUSY on updates if size
+ mismatches
+
+From: Pablo Neira Ayuso
+
+[ Upstream commit 8971ee8b087750a23f3cd4dc55bff2d0303fd267 ]
+
+The private helper data size cannot be updated. However, updates that
+contain NFCTH_PRIV_DATA_LEN might bogusly hit EBUSY even if the size is
+the same.
+
+Fixes: 12f7a505331e ("netfilter: add user-space connection tracking helper infrastructure")
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Sasha Levin
+---
+ net/netfilter/nfnetlink_cthelper.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
+index 8396dc8ee247..babe42ff3eec 100644
+--- a/net/netfilter/nfnetlink_cthelper.c
++++ b/net/netfilter/nfnetlink_cthelper.c
+@@ -355,10 +355,14 @@ static int
+ nfnl_cthelper_update(const struct nlattr * const tb[],
+ struct nf_conntrack_helper *helper)
+ {
++ u32 size;
+ int ret;
+
+- if (tb[NFCTH_PRIV_DATA_LEN])
+- return -EBUSY;
++ if (tb[NFCTH_PRIV_DATA_LEN]) {
++ size = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
++ if (size != helper->data_len)
++ return -EBUSY;
++ }
+
+ if (tb[NFCTH_POLICY]) {
+ ret = nfnl_cthelper_update_policy(helper, tb[NFCTH_POLICY]);
+--
+2.30.2
+
diff --git a/queue-4.9/series b/queue-4.9/series
index 496518d3d3d..ab0ac53a730 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
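Review bot: The new `nla_get_be32(tb[NFCTH_PRIV_DATA_LEN])` in nfnl_cthelper_update() reads four bytes from a user-supplied attribute, where the old code only tested the pointer, so the update path now depends on the attribute having been length-checked before it gets here. The netlink policy that would enforce that is not visible in this hunk and should be confirmed for the 4.9 tree this is queued for. A short comment at the read, `/* tb[] is policy-validated: NFCTH_PRIV_DATA_LEN carries a 32-bit value */`, would make that dependency explicit. The function body continues past the end of the hunk.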
@@ -1 +1,12 @@
 net-usb-cdc_ncm-don-t-spew-notifications.patch
+efi-allow-efi_memory_xp-and-efi_memory_ro-both-to-be.patch
+efi-cper-fix-snprintf-use-in-cper_dimm_err_location.patch
+vfio-pci-fix-error-return-code-in-vfio_ecap_init.patch
+vfio-pci-zap_vma_ptes-needs-mmu.patch
+vfio-platform-fix-module_put-call-in-error-flow.patch
+ipvs-ignore-ip_vs_svc_f_hashed-flag-when-adding-serv.patch
+hid-pidff-fix-error-return-code-in-hid_pidff_init.patch
+hid-i2c-hid-fix-format-string-mismatch.patch
+netfilter-nfnetlink_cthelper-hit-ebusy-on-updates-if.patch
+ieee802154-fix-error-return-code-in-ieee802154_add_i.patch
+ieee802154-fix-error-return-code-in-ieee802154_llsec.patch
diff --git a/queue-4.9/vfio-pci-fix-error-return-code-in-vfio_ecap_init.patch b/queue-4.9/vfio-pci-fix-error-return-code-in-vfio_ecap_init.patch
new file mode 100644
index 00000000000..fd275eabf71
--- /dev/null
+++ b/queue-4.9/vfio-pci-fix-error-return-code-in-vfio_ecap_init.patch
@@ -0,0 +1,39 @@
+From efe55daf15b1ca579af34bc9119e3d13fc35f95b Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 15 May 2021 10:04:58 +0800
+Subject: vfio/pci: Fix error return code in vfio_ecap_init()
+
+From: Zhen Lei
+
+[ Upstream commit d1ce2c79156d3baf0830990ab06d296477b93c26 ]
+
+The error code returned from vfio_ext_cap_len() is stored in 'len', not
+in 'ret'.
+
+Fixes: 89e1f7d4c66d ("vfio: Add PCI device driver")
+Reported-by: Hulk Robot
+Signed-off-by: Zhen Lei
+Reviewed-by: Max Gurtovoy
+Message-Id: <20210515020458.6771-1-thunder.leizhen@huawei.com>
+Signed-off-by: Alex Williamson
+Signed-off-by: Sasha Levin
+---
+ drivers/vfio/pci/vfio_pci_config.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/vfio/pci/vfio_pci_config.c b/drivers/vfio/pci/vfio_pci_config.c
+index f3c2de04b20d..5b0f09b211be 100644
+--- a/drivers/vfio/pci/vfio_pci_config.c
++++ b/drivers/vfio/pci/vfio_pci_config.c
+@@ -1576,7 +1576,7 @@ static int vfio_ecap_init(struct vfio_pci_device *vdev)
+ if (len == 0xFF) {
+ len = vfio_ext_cap_len(vdev, ecap, epos);
+ if (len < 0)
+- return ret;
++ return len;
+ }
+ }
+
+--
+2.30.2
+
diff --git a/queue-4.9/vfio-pci-zap_vma_ptes-needs-mmu.patch b/queue-4.9/vfio-pci-zap_vma_ptes-needs-mmu.patch
new file mode 100644
index 00000000000..e7cd637dd8f
--- /dev/null
+++ b/queue-4.9/vfio-pci-zap_vma_ptes-needs-mmu.patch
@@ -0,0 +1,48 @@
+From bbeeab473127015b6b49ec2bfcd62b91feb4d160 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 15 May 2021 12:08:56 -0700
+Subject: vfio/pci: zap_vma_ptes() needs MMU
+
+From: Randy Dunlap
+
+[ Upstream commit 2a55ca37350171d9b43d561528f23d4130097255 ]
+
+zap_vma_ptes() is only available when CONFIG_MMU is set/enabled.
+Without CONFIG_MMU, vfio_pci.o has build errors, so make
+VFIO_PCI depend on MMU.
+
+riscv64-linux-ld: drivers/vfio/pci/vfio_pci.o: in function `vfio_pci_mmap_open':
+vfio_pci.c:(.text+0x1ec): undefined reference to `zap_vma_ptes'
+riscv64-linux-ld: drivers/vfio/pci/vfio_pci.o: in function `.L0 ':
+vfio_pci.c:(.text+0x165c): undefined reference to `zap_vma_ptes'
+
+Fixes: 11c4cd07ba11 ("vfio-pci: Fault mmaps to enable vma tracking")
+Signed-off-by: Randy Dunlap
+Reported-by: kernel test robot
+Cc: Alex Williamson
+Cc: Cornelia Huck
+Cc: kvm@vger.kernel.org
+Cc: Jason Gunthorpe
+Cc: Eric Auger
+Message-Id: <20210515190856.2130-1-rdunlap@infradead.org>
+Signed-off-by: Alex Williamson
+Signed-off-by: Sasha Levin
+---
+ drivers/vfio/pci/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/vfio/pci/Kconfig b/drivers/vfio/pci/Kconfig
+index 24ee2605b9f0..0da884bfc7a8 100644
+--- a/drivers/vfio/pci/Kconfig
++++ b/drivers/vfio/pci/Kconfig
+@@ -1,6 +1,7 @@
+ config VFIO_PCI
+ tristate "VFIO support for PCI devices"
+ depends on VFIO && PCI && EVENTFD
++ depends on MMU
+ select VFIO_VIRQFD
+ select IRQ_BYPASS_MANAGER
+ help
+--
+2.30.2
+
diff --git a/queue-4.9/vfio-platform-fix-module_put-call-in-error-flow.patch b/queue-4.9/vfio-platform-fix-module_put-call-in-error-flow.patch
new file mode 100644
index 00000000000..20310ab3f18
--- /dev/null
+++ b/queue-4.9/vfio-platform-fix-module_put-call-in-error-flow.patch
@@ -0,0 +1,37 @@
+From 257757bd19ba094fcba63fe7a92deb06c4dd2436 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 18 May 2021 22:21:31 +0300
+Subject: vfio/platform: fix module_put call in error flow
+
+From: Max Gurtovoy
+
+[ Upstream commit dc51ff91cf2d1e9a2d941da483602f71d4a51472 ]
+
+The ->parent_module is the one that use in try_module_get. It should
+also be the one the we use in module_put during vfio_platform_open().
+
+Fixes: 32a2d71c4e80 ("vfio: platform: introduce vfio-platform-base module")
+Signed-off-by: Max Gurtovoy
+Message-Id: <20210518192133.59195-1-mgurtovoy@nvidia.com>
+Signed-off-by: Alex Williamson
+Signed-off-by: Sasha Levin
+---
+ drivers/vfio/platform/vfio_platform_common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c
+index d143d08c4f0f..9b1b6c1e218d 100644
+--- a/drivers/vfio/platform/vfio_platform_common.c
++++ b/drivers/vfio/platform/vfio_platform_common.c
+@@ -288,7 +288,7 @@ err_irq:
+ vfio_platform_regions_cleanup(vdev);
+ err_reg:
+ mutex_unlock(&driver_lock);
+- module_put(THIS_MODULE);
++ module_put(vdev->parent_module);
+ return ret;
+ }
+
+--
+2.30.2
+
-- 2.47.3