authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2025-04-29 17:48:29 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2025-04-29 17:48:29 +0200
commit2dbcfa4151a7236ec06d8d7055b068f64cb82d12 (patch)
tree47b62e2c27c4bc2b96fd0ef69cd60b9b0f7a4001
parent2e3b81250a6b4432bf99ea1aafaf4eadda73f76b (diff)
downloadstable-queue-2dbcfa4151a7236ec06d8d7055b068f64cb82d12.tar.gz
5.10-stable patches
added patches: media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch mips-cm-fix-warning-if-mips_cm-is-disabled.patch nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch
-rw-r--r--queue-5.10/media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch35
-rw-r--r--queue-5.10/media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch43
-rw-r--r--queue-5.10/mips-cm-fix-warning-if-mips_cm-is-disabled.patch38
-rw-r--r--queue-5.10/nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch36
-rw-r--r--queue-5.10/pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch100
-rw-r--r--queue-5.10/series6
-rw-r--r--queue-5.10/soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch35
7 files changed, 293 insertions, 0 deletions
diff --git a/queue-5.10/media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch b/queue-5.10/media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch
new file mode 100644
index 00000000000..0473cd85cbd
--- /dev/null
+++ b/queue-5.10/media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch
@@ -0,0 +1,35 @@
+From c5b14df7a80acadbbd184808dc3f519fbb2ab96c Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Fri, 15 Jan 2021 11:11:26 +0100
+Subject: media: venus: Fix uninitialized variable count being checked for zero
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit c5b14df7a80acadbbd184808dc3f519fbb2ab96c upstream.
+
+In the case where plat->codecs is NULL the variable count is uninitialized
+but is being checked to see if it is 0. Fix this by initializing
+count to 0.
+
+Addresses-Coverity: ("Uninitialized scalar variable")
+
+Fixes: e29929266be1 ("media: venus: Get codecs and capabilities from hfi platform")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/media/platform/qcom/venus/hfi_parser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/platform/qcom/venus/hfi_parser.c
++++ b/drivers/media/platform/qcom/venus/hfi_parser.c
+@@ -266,7 +266,7 @@ static int hfi_platform_parser(struct ve
+ {
+ const struct hfi_platform *plat;
+ const struct hfi_plat_caps *caps = NULL;
+- u32 enc_codecs, dec_codecs, count;
++ u32 enc_codecs, dec_codecs, count = 0;
+ unsigned int entries;
+
+ if (inst)
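Review bot: `enc_codecs` and `dec_codecs` on the changed declaration line are still uninitialized when `plat->codecs` is NULL; only `count` gets a value. Whether they are read on that path depends on code after the `if (inst)` line, because hfi_platform_parser() continues outside the hunk. It should be confirmed that a zero `count` always leads to an early return before either value is stored. If that ordering cannot be relied on, `u32 enc_codecs = 0, dec_codecs = 0, count = 0;` removes the dependency.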
diff --git a/queue-5.10/media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch b/queue-5.10/media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch
new file mode 100644
index 00000000000..8d943bfb2e5
--- /dev/null
+++ b/queue-5.10/media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch
@@ -0,0 +1,43 @@
+From 9b5d8fd580caa898c6e1b8605c774f2517f786ab Mon Sep 17 00:00:00 2001
+From: Stanimir Varbanov <stanimir.varbanov@linaro.org>
+Date: Sun, 7 Mar 2021 12:17:27 +0100
+Subject: media: venus: hfi_parser: Check for instance after hfi platform get
+
+From: Stanimir Varbanov <stanimir.varbanov@linaro.org>
+
+commit 9b5d8fd580caa898c6e1b8605c774f2517f786ab upstream.
+
+The inst function argument is != NULL only for Venus v1 and
+we did not migrate v1 to a hfi_platform abstraction yet. So
+check for instance != NULL only after hfi_platform_get returns
+no error.
+
+Fixes: e29929266be1 ("media: venus: Get codecs and capabilities from hfi platform")
+Cc: stable@vger.kernel.org # v5.12
+Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
+Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/media/platform/qcom/venus/hfi_parser.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/media/platform/qcom/venus/hfi_parser.c
++++ b/drivers/media/platform/qcom/venus/hfi_parser.c
+@@ -269,13 +269,13 @@ static int hfi_platform_parser(struct ve
+ u32 enc_codecs, dec_codecs, count = 0;
+ unsigned int entries;
+
+- if (inst)
+- return 0;
+-
+ plat = hfi_platform_get(core->res->hfi_version);
+ if (!plat)
+ return -EINVAL;
+
++ if (inst)
++ return 0;
++
+ if (plat->codecs)
+ plat->codecs(&enc_codecs, &dec_codecs, &count);
+
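Review bot: The `Cc: stable@vger.kernel.org # v5.12` trailer scopes this fix to v5.12 and later, yet the patch is queued under queue-5.10. It is only needed there if the commit named in `Fixes:` (e29929266be1) is already present in the 5.10 tree, which nothing on this page shows. The same question applies to pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch, which carries `# v6.2+` and fixes c14f7ccc9f5d. Confirming both prerequisites before release avoids shipping a reordering whose context does not match the 5.10 code.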
diff --git a/queue-5.10/mips-cm-fix-warning-if-mips_cm-is-disabled.patch b/queue-5.10/mips-cm-fix-warning-if-mips_cm-is-disabled.patch
new file mode 100644
index 00000000000..272bbfb37c6
--- /dev/null
+++ b/queue-5.10/mips-cm-fix-warning-if-mips_cm-is-disabled.patch
@@ -0,0 +1,38 @@
+From b73c3ccdca95c237750c981054997c71d33e09d7 Mon Sep 17 00:00:00 2001
+From: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Date: Fri, 28 Feb 2025 15:37:02 +0100
+Subject: MIPS: cm: Fix warning if MIPS_CM is disabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+
+commit b73c3ccdca95c237750c981054997c71d33e09d7 upstream.
+
+Commit e27fbe16af5c ("MIPS: cm: Detect CM quirks from device tree")
+introduced
+
+arch/mips/include/asm/mips-cm.h:119:13: error: ‘mips_cm_update_property’
+ defined but not used [-Werror=unused-function]
+
+Fix this by making empty function implementation inline
+
+Fixes: e27fbe16af5c ("MIPS: cm: Detect CM quirks from device tree")
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/include/asm/mips-cm.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/include/asm/mips-cm.h
++++ b/arch/mips/include/asm/mips-cm.h
+@@ -104,7 +104,7 @@ static inline bool mips_cm_present(void)
+ #ifdef CONFIG_MIPS_CM
+ extern void mips_cm_update_property(void);
+ #else
+-static void mips_cm_update_property(void) {}
++static inline void mips_cm_update_property(void) {}
+ #endif
+
+ /**
diff --git a/queue-5.10/nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch b/queue-5.10/nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch
new file mode 100644
index 00000000000..e76b923d7ac
--- /dev/null
+++ b/queue-5.10/nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch
@@ -0,0 +1,36 @@
+From 26d7fb4fd4ca1180e2fa96587dea544563b4962a Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke <hare@kernel.org>
+Date: Mon, 14 Apr 2025 14:05:09 +0200
+Subject: nvme: fixup scan failure for non-ANA multipath controllers
+
+From: Hannes Reinecke <hare@kernel.org>
+
+commit 26d7fb4fd4ca1180e2fa96587dea544563b4962a upstream.
+
+Commit 62baf70c3274 caused the ANA log page to be re-read, even on
+controllers that do not support ANA. While this should generally
+harmless, some controllers hang on the unsupported log page and
+never finish probing.
+
+Fixes: 62baf70c3274 ("nvme: re-read ANA log page after ns scan completes")
+Signed-off-by: Hannes Reinecke <hare@kernel.org>
+Tested-by: Srikanth Aithal <sraithal@amd.com>
+[hch: more detailed commit message]
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/nvme/host/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -4271,7 +4271,7 @@ static void nvme_scan_work(struct work_s
+ if (test_bit(NVME_AER_NOTICE_NS_CHANGED, &ctrl->events))
+ nvme_queue_scan(ctrl);
+ #ifdef CONFIG_NVME_MULTIPATH
+- else
++ else if (ctrl->ana_log_buf)
+ /* Re-read the ANA log page to not miss updates */
+ queue_work(nvme_wq, &ctrl->ana_work);
+ #endif
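Review bot: The new `else if (ctrl->ana_log_buf)` uses the buffer pointer as the test for ANA support, and nothing near it says so. Presumably the buffer is allocated only for controllers that report ANA and is set back to NULL when freed. That code is outside the hunk and worth confirming, since the check is only as reliable as that invariant. I would widen the existing comment to `/* Re-read the ANA log page to not miss updates; ana_log_buf is only set for ANA-capable controllers */`. nvme_scan_work() starts and ends outside the hunk.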
diff --git a/queue-5.10/pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch b/queue-5.10/pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch
new file mode 100644
index 00000000000..a15a4d54f51
--- /dev/null
+++ b/queue-5.10/pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch
@@ -0,0 +1,100 @@
+From 30ba2d09edb5ea857a1473ae3d820911347ada62 Mon Sep 17 00:00:00 2001
+From: Rob Herring <robh@kernel.org>
+Date: Wed, 29 Mar 2023 07:38:35 -0500
+Subject: PCI: Fix use-after-free in pci_bus_release_domain_nr()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rob Herring <robh@kernel.org>
+
+commit 30ba2d09edb5ea857a1473ae3d820911347ada62 upstream.
+
+Commit c14f7ccc9f5d ("PCI: Assign PCI domain IDs by ida_alloc()")
+introduced a use-after-free bug in the bus removal cleanup. The issue was
+found with kfence:
+
+ [ 19.293351] BUG: KFENCE: use-after-free read in pci_bus_release_domain_nr+0x10/0x70
+
+ [ 19.302817] Use-after-free read at 0x000000007f3b80eb (in kfence-#115):
+ [ 19.309677] pci_bus_release_domain_nr+0x10/0x70
+ [ 19.309691] dw_pcie_host_deinit+0x28/0x78
+ [ 19.309702] tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]
+ [ 19.309734] tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]
+ [ 19.309752] platform_probe+0x90/0xd8
+ ...
+
+ [ 19.311457] kfence-#115: 0x00000000063a155a-0x00000000ba698da8, size=1072, cache=kmalloc-2k
+
+ [ 19.311469] allocated by task 96 on cpu 10 at 19.279323s:
+ [ 19.311562] __kmem_cache_alloc_node+0x260/0x278
+ [ 19.311571] kmalloc_trace+0x24/0x30
+ [ 19.311580] pci_alloc_bus+0x24/0xa0
+ [ 19.311590] pci_register_host_bridge+0x48/0x4b8
+ [ 19.311601] pci_scan_root_bus_bridge+0xc0/0xe8
+ [ 19.311613] pci_host_probe+0x18/0xc0
+ [ 19.311623] dw_pcie_host_init+0x2c0/0x568
+ [ 19.311630] tegra_pcie_dw_probe+0x610/0xb28 [pcie_tegra194]
+ [ 19.311647] platform_probe+0x90/0xd8
+ ...
+
+ [ 19.311782] freed by task 96 on cpu 10 at 19.285833s:
+ [ 19.311799] release_pcibus_dev+0x30/0x40
+ [ 19.311808] device_release+0x30/0x90
+ [ 19.311814] kobject_put+0xa8/0x120
+ [ 19.311832] device_unregister+0x20/0x30
+ [ 19.311839] pci_remove_bus+0x78/0x88
+ [ 19.311850] pci_remove_root_bus+0x5c/0x98
+ [ 19.311860] dw_pcie_host_deinit+0x28/0x78
+ [ 19.311866] tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]
+ [ 19.311883] tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]
+ [ 19.311900] platform_probe+0x90/0xd8
+ ...
+
+ [ 19.313579] CPU: 10 PID: 96 Comm: kworker/u24:2 Not tainted 6.2.0 #4
+ [ 19.320171] Hardware name: /, BIOS 1.0-d7fb19b 08/10/2022
+ [ 19.325852] Workqueue: events_unbound deferred_probe_work_func
+
+The stack trace is a bit misleading as dw_pcie_host_deinit() doesn't
+directly call pci_bus_release_domain_nr(). The issue turns out to be in
+pci_remove_root_bus() which first calls pci_remove_bus() which frees the
+struct pci_bus when its struct device is released. Then
+pci_bus_release_domain_nr() is called and accesses the freed struct
+pci_bus. Reordering these fixes the issue.
+
+Fixes: c14f7ccc9f5d ("PCI: Assign PCI domain IDs by ida_alloc()")
+Link: https://lore.kernel.org/r/20230329123835.2724518-1-robh@kernel.org
+Link: https://lore.kernel.org/r/b529cb69-0602-9eed-fc02-2f068707a006@nvidia.com
+Reported-by: Jon Hunter <jonathanh@nvidia.com>
+Tested-by: Jon Hunter <jonathanh@nvidia.com>
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
+Cc: stable@vger.kernel.org # v6.2+
+Cc: Pali Rohár <pali@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/remove.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/pci/remove.c
++++ b/drivers/pci/remove.c
+@@ -156,8 +156,6 @@ void pci_remove_root_bus(struct pci_bus
+ list_for_each_entry_safe(child, tmp,
+ &bus->devices, bus_list)
+ pci_remove_bus_device(child);
+- pci_remove_bus(bus);
+- host_bridge->bus = NULL;
+
+ #ifdef CONFIG_PCI_DOMAINS_GENERIC
+ /* Release domain_nr if it was dynamically allocated */
+@@ -165,6 +163,9 @@ void pci_remove_root_bus(struct pci_bus
+ pci_bus_release_domain_nr(bus, host_bridge->dev.parent);
+ #endif
+
++ pci_remove_bus(bus);
++ host_bridge->bus = NULL;
++
+ /* remove the host bridge */
+ device_del(&host_bridge->dev);
+ }
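Review bot: Nothing in the reordered code marks `pci_remove_bus(bus)` as the point after which `bus` is gone, so a later edit could reintroduce the same use-after-free by adding a `bus` access below it. Per the commit message, pci_remove_bus() frees the struct pci_bus once its device is released. A comment above the moved call would record that: `/* bus may be freed by pci_remove_bus(); do not dereference it after this point */`. The remaining visible statements touch only `host_bridge`, but pci_remove_root_bus() starts outside the hunk, so how `host_bridge` is obtained is not visible here.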
diff --git a/queue-5.10/series b/queue-5.10/series
index aaf96912e09..1c5e37cdb9d 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -278,3 +278,9 @@ s390-virtio_ccw-don-t-allocate-assign-airqs-for-non-existing-queues.patch
comedi-jr3_pci-fix-synchronous-deletion-of-timer.patch
crypto-atmel-sha204a-set-hwrng-quality-to-lowest-possible.patch
xdp-reset-bpf_redirect_info-before-running-a-xdp-s-bpf-prog.patch
+mips-cm-fix-warning-if-mips_cm-is-disabled.patch
+nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch
+pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch
+soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch
+media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch
+media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch
diff --git a/queue-5.10/soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch b/queue-5.10/soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch
new file mode 100644
index 00000000000..38c4d1bb81f
--- /dev/null
+++ b/queue-5.10/soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch
@@ -0,0 +1,35 @@
+From 6166174afc2bc74ca550af388508384b57d5163d Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzk@kernel.org>
+Date: Tue, 5 Jan 2021 18:44:40 +0100
+Subject: soc: samsung: exynos-chipid: correct helpers __init annotation
+
+From: Krzysztof Kozlowski <krzk@kernel.org>
+
+commit 6166174afc2bc74ca550af388508384b57d5163d upstream.
+
+After converting to builtin driver, the probe function should not call
+__init functions anymore:
+
+ >> WARNING: modpost: vmlinux.o(.text+0x8884d4):
+ Section mismatch in reference from the function exynos_chipid_probe() to the function .init.text:product_id_to_soc_id()
+
+Reported-by: kernel test robot <lkp@intel.com>
+Fixes: 352bfbb3e023 ("soc: samsung: exynos-chipid: convert to driver and merge exynos-asv")
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Link: https://lore.kernel.org/r/20210105174440.120041-1-krzk@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/soc/samsung/exynos-chipid.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/soc/samsung/exynos-chipid.c
++++ b/drivers/soc/samsung/exynos-chipid.c
+@@ -55,7 +55,7 @@ static const struct exynos_soc_id {
+ { "EXYNOS5433", 0xE5433000 },
+ };
+
+-static const char * __init product_id_to_soc_id(unsigned int product_id)
++static const char *product_id_to_soc_id(unsigned int product_id)
+ {
+ int i;
+
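Review bot: Dropping `__init` from `product_id_to_soc_id()` fixes the reported section mismatch for the function, but the ID table it presumably walks is declared above the hunk and its section annotation is not visible. If that array were marked `__initconst` in the 5.10 tree, the probe path would read discarded init data after boot. The declaration should be checked when applying this backport. The function body continues past the end of the hunk.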