2023-03-01 16:30:58

by Sasha Levin

Subject: [PATCH AUTOSEL 5.10 1/5] tracing: Add NULL checks for buffer in ring_buffer_free_read_page()

From: Jia-Ju Bai <[email protected]>

[ Upstream commit 3e4272b9954094907f16861199728f14002fcaf6 ]

In a previous commit 7433632c9ff6, buffer, buffer->buffers and
buffer->buffers[cpu] in ring_buffer_wake_waiters() can be NULL,
and thus the related checks are added.

However, in the same call stack, these variables are also used in
ring_buffer_free_read_page():

tracing_buffers_release()
ring_buffer_wake_waiters(iter->array_buffer->buffer)
cpu_buffer = buffer->buffers[cpu] -> Add checks by previous commit
ring_buffer_free_read_page(iter->array_buffer->buffer)
cpu_buffer = buffer->buffers[cpu] -> No check

Thus, to avoid possible null-pointer dereferences, the related checks
should be added.

These results are reported by a static tool designed by myself.

Link: https://lkml.kernel.org/r/[email protected]

Reported-by: TOTE Robot <[email protected]>
Signed-off-by: Jia-Ju Bai <[email protected]>
Signed-off-by: Steven Rostedt (Google) <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
kernel/trace/ring_buffer.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 49ebb8c662682..1429d190752ee 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -5324,11 +5324,16 @@ EXPORT_SYMBOL_GPL(ring_buffer_alloc_read_page);
*/
void ring_buffer_free_read_page(struct trace_buffer *buffer, int cpu, void *data)
{
- struct ring_buffer_per_cpu *cpu_buffer = buffer->buffers[cpu];
+ struct ring_buffer_per_cpu *cpu_buffer;
struct buffer_data_page *bpage = data;
struct page *page = virt_to_page(bpage);
unsigned long flags;

+ if (!buffer || !buffer->buffers || !buffer->buffers[cpu])
+ return;
+
+ cpu_buffer = buffer->buffers[cpu];
+
/* If the page is still in use someplace else, we can't reuse it */
if (page_ref_count(page) > 1)
goto out;
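
Review bot: the new early `return` at the `!buffer || !buffer->buffers || !buffer->buffers[cpu]` check leaves the function without passing through `out:`, the label that the `page_ref_count(page) > 1` path just below jumps to. If `out:` is where `data` is released (the label is outside this hunk), the NULL path would keep the page allocated, so either route this case to the same cleanup or say in a comment why `data` needs none when the buffer is gone. `cpu` is also used as an index in `buffer->buffers[cpu]` with no range check visible in these lines.
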
--
2.39.2



2023-03-01 16:31:02

by Sasha Levin

Subject: [PATCH AUTOSEL 5.10 2/5] efi: efivars: prevent double registration

From: Johan Hovold <[email protected]>

[ Upstream commit 0217a40d7ba6e71d7f3422fbe89b436e8ee7ece7 ]

Add the missing sanity check to efivars_register() so that it is no
longer possible to override an already registered set of efivar ops
(without first deregistering them).

This can help debug initialisation ordering issues where drivers have so
far unknowingly been relying on overriding the generic ops.

Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/firmware/efi/vars.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
index cae590bd08f27..871dee9343bfb 100644
--- a/drivers/firmware/efi/vars.c
+++ b/drivers/firmware/efi/vars.c
@@ -1164,19 +1164,28 @@ int efivars_register(struct efivars *efivars,
const struct efivar_operations *ops,
struct kobject *kobject)
{
+ int rv;
+
if (down_interruptible(&efivars_lock))
return -EINTR;

+ if (__efivars) {
+ pr_warn("efivars already registered\n");
+ rv = -EBUSY;
+ goto out;
+ }
+
efivars->ops = ops;
efivars->kobject = kobject;

__efivars = efivars;

pr_info("Registered efivars operations\n");
-
+ rv = 0;
+out:
up(&efivars_lock);

- return 0;
+ return rv;
}
EXPORT_SYMBOL_GPL(efivars_register);

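Review bot: the `if (__efivars)` branch turns a call that previously always succeeded once the lock was taken into one that can return `-EBUSY`, and the commit message says drivers have been relying on the old override behaviour. For a stable tree, each existing caller of `efivars_register()` needs to be checked for how it handles a non-zero return before this is backported; the description presents the change as a debugging aid rather than a fix for a reported failure.
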
--
2.39.2


2023-03-01 16:31:13

by Sasha Levin

Subject: [PATCH AUTOSEL 5.10 3/5] firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3

From: Darrell Kavanagh <[email protected]>

[ Upstream commit e1d447157f232c650e6f32c9fb89ff3d0207c69a ]

Another Lenovo convertible which reports a landscape resolution of
1920x1200 with a pitch of (1920 * 4) bytes, while the actual framebuffer
has a resolution of 1200x1920 with a pitch of (1200 * 4) bytes.

Signed-off-by: Darrell Kavanagh <[email protected]>
Reviewed-by: Hans de Goede <[email protected]>
Signed-off-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
arch/x86/kernel/sysfb_efi.c | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/arch/x86/kernel/sysfb_efi.c b/arch/x86/kernel/sysfb_efi.c
index 653b7f617b61b..9ea65611fba0b 100644
--- a/arch/x86/kernel/sysfb_efi.c
+++ b/arch/x86/kernel/sysfb_efi.c
@@ -264,6 +264,14 @@ static const struct dmi_system_id efifb_dmi_swap_width_height[] __initconst = {
"Lenovo ideapad D330-10IGM"),
},
},
+ {
+ /* Lenovo IdeaPad Duet 3 10IGL5 with 1200x1920 portrait screen */
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_VERSION,
+ "IdeaPad Duet 3 10IGL5"),
+ },
+ },
{},
};

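Review bot: `DMI_EXACT_MATCH` on `DMI_PRODUCT_VERSION` requires the firmware string to be exactly "IdeaPad Duet 3 10IGL5", and its capitalisation differs from the neighbouring entry's "Lenovo ideapad D330-10IGM". It is worth confirming the string against the DMI data of an affected machine, and stating the reported 1920x1200 landscape mode from the commit message in the entry's comment so the reason for the swap is visible in the table itself.
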
--
2.39.2


2023-03-01 16:31:16

by Sasha Levin

Subject: [PATCH AUTOSEL 5.10 5/5] mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak

From: Liang He <[email protected]>

[ Upstream commit 4414a7ab80cebf715045e3c4d465feefbad21139 ]

In arizona_clk32k_enable(), we should use pm_runtime_resume_and_get()
as pm_runtime_get_sync() will increase the refcnt even when it
returns an error.

Signed-off-by: Liang He <[email protected]>
Acked-by: Charles Keepax <[email protected]>
Signed-off-by: Lee Jones <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/mfd/arizona-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/mfd/arizona-core.c b/drivers/mfd/arizona-core.c
index 000cb82023e35..afdc490836255 100644
--- a/drivers/mfd/arizona-core.c
+++ b/drivers/mfd/arizona-core.c
@@ -45,7 +45,7 @@ int arizona_clk32k_enable(struct arizona *arizona)
if (arizona->clk32k_ref == 1) {
switch (arizona->pdata.clk32k_src) {
case ARIZONA_32KZ_MCLK1:
- ret = pm_runtime_get_sync(arizona->dev);
+ ret = pm_runtime_resume_and_get(arizona->dev);
if (ret != 0)
goto err_ref;
ret = clk_prepare_enable(arizona->mclk[ARIZONA_MCLK1]);
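
Review bot: after the switch to `pm_runtime_resume_and_get()`, the failure path at `if (ret != 0) goto err_ref;` is reached with the usage count already dropped, so `err_ref` (outside this hunk) must not put the device again. The commit message should also mention that `pm_runtime_get_sync()` can return a positive value on success, which the unchanged `ret != 0` test treated as an error; the new call returns 0 on success, so that test is now correct as written.
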
--
2.39.2


2023-03-01 16:31:26

by Sasha Levin

Subject: [PATCH AUTOSEL 5.10 4/5] bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support

From: Souradeep Chowdhury <[email protected]>

[ Upstream commit 6c40624930c58529185a257380442547580ed837 ]

The Data Capture and Compare(DCC) is a debugging tool that uses the bootconfig
for configuring the register values during boot-time. Increase the max nodes
supported by bootconfig to cater to the requirements of the Data Capture and
Compare Driver.

Link: https://lore.kernel.org/all/[email protected]/

Signed-off-by: Souradeep Chowdhury <[email protected]>
Acked-by: Masami Hiramatsu (Google) <[email protected]>
Signed-off-by: Masami Hiramatsu (Google) <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
include/linux/bootconfig.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/bootconfig.h b/include/linux/bootconfig.h
index 2696eb0fc1497..df9cbf02d0303 100644
--- a/include/linux/bootconfig.h
+++ b/include/linux/bootconfig.h
@@ -29,7 +29,7 @@ struct xbc_node {
/* Maximum size of boot config is 32KB - 1 */
#define XBC_DATA_MAX (XBC_VALUE - 1)

-#define XBC_NODE_MAX 1024
+#define XBC_NODE_MAX 8192
#define XBC_KEYLEN_MAX 256
#define XBC_DEPTH_MAX 16

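Review bot: `XBC_NODE_MAX` goes up eightfold while the comment above still caps the boot config at 32KB - 1 and `XBC_DATA_MAX` is unchanged, and nothing in the change states what the larger limit costs. The commit message should give the added memory for the node table and confirm that the index fields in `struct xbc_node` can address 8192 entries; for the 5.10 backport it should also say whether the DCC driver that motivates the change exists in that tree.
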
--
2.39.2


2023-03-01 16:34:28

by Ard Biesheuvel

Subject: Re: [PATCH AUTOSEL 5.10 2/5] efi: efivars: prevent double registration

On Wed, 1 Mar 2023 at 17:30, Sasha Levin <[email protected]> wrote:
>
> From: Johan Hovold <[email protected]>
>
> [ Upstream commit 0217a40d7ba6e71d7f3422fbe89b436e8ee7ece7 ]
>
> Add the missing sanity check to efivars_register() so that it is no
> longer possible to override an already registered set of efivar ops
> (without first deregistering them).
>
> This can help debug initialisation ordering issues where drivers have so
> far unknowingly been relying on overriding the generic ops.
>
> Signed-off-by: Johan Hovold <[email protected]>
> Signed-off-by: Ard Biesheuvel <[email protected]>
> Signed-off-by: Sasha Levin <[email protected]>

NAK this is not a bugfix.

> ---
> drivers/firmware/efi/vars.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
> index cae590bd08f27..871dee9343bfb 100644
> --- a/drivers/firmware/efi/vars.c
> +++ b/drivers/firmware/efi/vars.c
> @@ -1164,19 +1164,28 @@ int efivars_register(struct efivars *efivars,
> const struct efivar_operations *ops,
> struct kobject *kobject)
> {
> + int rv;
> +
> if (down_interruptible(&efivars_lock))
> return -EINTR;
>
> + if (__efivars) {
> + pr_warn("efivars already registered\n");
> + rv = -EBUSY;
> + goto out;
> + }
> +
> efivars->ops = ops;
> efivars->kobject = kobject;
>
> __efivars = efivars;
>
> pr_info("Registered efivars operations\n");
> -
> + rv = 0;
> +out:
> up(&efivars_lock);
>
> - return 0;
> + return rv;
> }
> EXPORT_SYMBOL_GPL(efivars_register);
>
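
Review bot: the `pr_warn("efivars already registered\n")` in the `if (__efivars)` branch does not say which caller was refused or which ops are already in place. Since the stated purpose is to help debug initialisation ordering, naming the rejected registrant in the message would make the warning actionable; declaring `int rv = 0;` would also remove the need for the separate `rv = 0;` before `out:`.
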
> --
> 2.39.2
>