From a7c633e586d7dd5d560fc0d64937e4d6204536e0 Mon Sep 17 00:00:00 2001 From: Andy Shevchenko Date: Wed, 9 Aug 2023 14:52:07 +0800 Subject: [PATCH 1/4] lib/cmdline: fix get_option() for strings starting with hyphen mainline inclusion from mainline-v5.11-rc1 commit e291851d65495739e4eede33b6bc387bb546a19b category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7R8MK CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e291851d65495739e4eede33b6bc387bb546a19b -------------------------------- When string doesn't have an integer and starts from hyphen get_option() may return interesting results. Fix it to return 0. The simple_strtoull() is used due to absence of simple_strtoul() in a boot code on some architectures. Note, the Fixes tag below is rather for anthropological curiosity. Link: https://lkml.kernel.org/r/20201112180732.75589-4-andriy.shevchenko@linux.intel.com Fixes: f68565831e72 ("Import 2.4.0-test2pre3") Signed-off-by: Andy Shevchenko Cc: Brendan Higgins Cc: David Gow Cc: Mark Brown Cc: Matti Vaittinen Cc: Shuah Khan Cc: Vitor Massaru Iha Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Guo Mengqi --- lib/cmdline.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/cmdline.c b/lib/cmdline.c index 75cb23b0ee69..06d75efb7348 100644 --- a/lib/cmdline.c +++ b/lib/cmdline.c @@ -45,6 +45,9 @@ static int get_range(char **str, int *pint, int n) * 1 - int found, no subsequent comma * 2 - int found including a subsequent comma * 3 - hyphen found to denote a range + * + * Leading hyphen without integer is no integer case, but we consume it + * for the sake of simplification. */ int get_option(char **str, int *pint) @@ -53,7 +56,10 @@ int get_option(char **str, int *pint) if (!cur || !(*cur)) return 0; - *pint = simple_strtol(cur, str, 0); + if (*cur == '-') + *pint = -simple_strtoull(++cur, str, 0); + else + *pint = simple_strtoull(cur, str, 0); if (cur == *str) return 0; if (**str == ',') { -- Gitee From 0bddec089cb096b795f64d71752f7c4a910d3245 Mon Sep 17 00:00:00 2001 From: Sumera Priyadarsini Date: Wed, 9 Aug 2023 14:52:08 +0800 Subject: [PATCH 2/4] bus: arm-integrator-lm: Add of_node_put() before return statement mainline inclusion from mainline-v5.11-rc6 commit 1740e6736922cc1a5d061cc4240d08eacfbbaa71 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7R8MK CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1740e6736922cc1a5d061cc4240d08eacfbbaa71 -------------------------------- Every iteration of for_each_available_child_of_node() decrements the reference count of the previous node, however when control is transferred from the middle of the loop, as in the case of a return or break or goto, there is no decrement thus ultimately resulting in a memory leak. Fix a potential memory leak in arm-integrator-lm.c by inserting of_node_put() before a return statement. Issue found with Coccinelle. Signed-off-by: Sumera Priyadarsini Signed-off-by: Linus Walleij Link: https://lore.kernel.org/r/20200829174154.GA9319@Kaladin Link: https://lore.kernel.org/r/20210112092549.251548-1-linus.walleij@linaro.org' Signed-off-by: Arnd Bergmann Signed-off-by: Guo Mengqi --- drivers/bus/arm-integrator-lm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bus/arm-integrator-lm.c b/drivers/bus/arm-integrator-lm.c index 845b6c43fef8..2344d560b144 100644 --- a/drivers/bus/arm-integrator-lm.c +++ b/drivers/bus/arm-integrator-lm.c @@ -54,6 +54,7 @@ static int integrator_lm_populate(int num, struct device *dev) ret = of_platform_default_populate(child, NULL, dev); if (ret) { dev_err(dev, "failed to populate module\n"); + of_node_put(child); return ret; } } -- Gitee From 60448066532eef764f8b1843e39bc14cfbd86933 Mon Sep 17 00:00:00 2001 From: Huang Shijie Date: Wed, 9 Aug 2023 14:52:09 +0800 Subject: [PATCH 3/4] lib/genalloc.c: change return type to unsigned long for bitmap_set_ll mainline inclusion from mainline-v5.12-rc1 commit 0e24465d3313832e82f8bd9ee2439da1367dd2e5 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7R8MK CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e24465d3313832e82f8bd9ee2439da1367dd2e5 -------------------------------- Just as bitmap_clear_ll(), change return type to unsigned long for bitmap_set_ll to avoid the possible overflow in future. Link: https://lkml.kernel.org/r/20210105031644.2771-1-sjhuang@iluvatar.ai Signed-off-by: Huang Shijie Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Guo Mengqi --- lib/genalloc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/genalloc.c b/lib/genalloc.c index dab97bb69df6..5dcf9cdcbc46 100644 --- a/lib/genalloc.c +++ b/lib/genalloc.c @@ -81,7 +81,8 @@ static int clear_bits_ll(unsigned long *addr, unsigned long mask_to_clear) * users set the same bit, one user will return remain bits, otherwise * return 0. */ -static int bitmap_set_ll(unsigned long *map, unsigned long start, unsigned long nr) +static unsigned long +bitmap_set_ll(unsigned long *map, unsigned long start, unsigned long nr) { unsigned long *p = map + BIT_WORD(start); const unsigned long size = start + nr; -- Gitee From a7f095f21686df68f5931b45fe248db4a3e72d8d Mon Sep 17 00:00:00 2001 From: Saravana Kannan Date: Wed, 9 Aug 2023 14:52:10 +0800 Subject: [PATCH 4/4] driver core: Update device link status properly for device_bind_driver() mainline inclusion from mainline-v5.13-rc1 commit b6f617df4fa936c1ab1831c2b23563f6c1add6c4 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7R8MK CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b6f617df4fa936c1ab1831c2b23563f6c1add6c4 -------------------------------- Device link status was not getting updated correctly when device_bind_driver() is called on a device. This causes a warning[1]. Fix this by updating device links that can be updated and dropping device links that can't be updated to a sensible state. [1] - https://lore.kernel.org/lkml/56f7d032-ba5a-a8c7-23de-2969d98c527e@nvidia.com/ Tested-by: Jon Hunter Signed-off-by: Saravana Kannan Link: https://lore.kernel.org/r/20210302211133.2244281-3-saravanak@google.com Signed-off-by: Greg Kroah-Hartman Signed-off-by: Guo Mengqi --- drivers/base/base.h | 1 + drivers/base/core.c | 35 +++++++++++++++++++++++++++++++++++ drivers/base/dd.c | 4 +++- 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/drivers/base/base.h b/drivers/base/base.h index 7d97447460fa..54e51876613c 100644 --- a/drivers/base/base.h +++ b/drivers/base/base.h @@ -186,6 +186,7 @@ extern int device_links_read_lock(void); extern void device_links_read_unlock(int idx); extern int device_links_read_lock_held(void); extern int device_links_check_suppliers(struct device *dev); +extern void device_links_force_bind(struct device *dev); extern void device_links_driver_bound(struct device *dev); extern void device_links_driver_cleanup(struct device *dev); extern void device_links_no_driver(struct device *dev); diff --git a/drivers/base/core.c b/drivers/base/core.c index af0024a9aa7c..1559caa7cbe9 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -1099,6 +1099,41 @@ static ssize_t waiting_for_supplier_show(struct device *dev, } static DEVICE_ATTR_RO(waiting_for_supplier); +/** + * device_links_force_bind - Prepares device to be force bound + * @dev: Consumer device. + * + * device_bind_driver() force binds a device to a driver without calling any + * driver probe functions. So the consumer really isn't going to wait for any + * supplier before it's bound to the driver. We still want the device link + * states to be sensible when this happens. + * + * In preparation for device_bind_driver(), this function goes through each + * supplier device links and checks if the supplier is bound. If it is, then + * the device link status is set to CONSUMER_PROBE. Otherwise, the device link + * is dropped. Links without the DL_FLAG_MANAGED flag set are ignored. + */ +void device_links_force_bind(struct device *dev) +{ + struct device_link *link, *ln; + + device_links_write_lock(); + + list_for_each_entry_safe(link, ln, &dev->links.suppliers, c_node) { + if (!(link->flags & DL_FLAG_MANAGED)) + continue; + + if (link->status != DL_STATE_AVAILABLE) { + device_link_drop_managed(link); + continue; + } + WRITE_ONCE(link->status, DL_STATE_CONSUMER_PROBE); + } + dev->links.status = DL_DEV_PROBING; + + device_links_write_unlock(); +} + /** * device_links_driver_bound - Update device links after probing its driver. * @dev: Device to update the links for. diff --git a/drivers/base/dd.c b/drivers/base/dd.c index 5dee895e41ed..f697eb02c221 100644 --- a/drivers/base/dd.c +++ b/drivers/base/dd.c @@ -460,8 +460,10 @@ int device_bind_driver(struct device *dev) int ret; ret = driver_sysfs_add(dev); - if (!ret) + if (!ret) { + device_links_force_bind(dev); driver_bound(dev); + } else if (dev->bus) blocking_notifier_call_chain(&dev->bus->p->bus_notifier, BUS_NOTIFY_DRIVER_NOT_BOUND, dev); -- Gitee