From: Uwe Kleine-König u.kleine-koenig@pengutronix.de

mainline inclusion from mainline-v6.9-rc1 commit b0cde62e4c548b2e7cb535caa6eb0df135888601 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IACTBX CVE: CVE-2024-40965

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

--------------------------------

This allows to simplify drivers that use clk_rate_exclusive_get() in their probe routine as calling clk_rate_exclusive_put() is cared for automatically.

Signed-off-by: Uwe Kleine-König u.kleine-koenig@pengutronix.de Link: https://lore.kernel.org/r/20240104225512.1124519-2-u.kleine-koenig@pengutron... Acked-by: Russell King (Oracle) rmk+kernel@armlinux.org.uk Signed-off-by: Stephen Boyd sboyd@kernel.org Signed-off-by: dinglongwei dinglongwei1@huawei.com --- drivers/clk/clk.c | 19 +++++++++++++++++++ include/linux/clk.h | 12 ++++++++++++ 2 files changed, 31 insertions(+)

diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c index f8776065ad1f..d942d62e95eb 100644 --- a/drivers/clk/clk.c +++ b/drivers/clk/clk.c @@ -1030,6 +1030,25 @@ int clk_rate_exclusive_get(struct clk *clk) } EXPORT_SYMBOL_GPL(clk_rate_exclusive_get);

+static void devm_clk_rate_exclusive_put(void *data) +{ + struct clk *clk = data; + + clk_rate_exclusive_put(clk); +} + +int devm_clk_rate_exclusive_get(struct device *dev, struct clk *clk) +{ + int ret; + + ret = clk_rate_exclusive_get(clk); + if (ret) + return ret; + + return devm_add_action_or_reset(dev, devm_clk_rate_exclusive_put, clk); +} +EXPORT_SYMBOL_GPL(devm_clk_rate_exclusive_get); + static void clk_core_unprepare(struct clk_core *core) { lockdep_assert_held(&prepare_lock); diff --git a/include/linux/clk.h b/include/linux/clk.h index 06f1b292f8a0..24c49b01c25d 100644 --- a/include/linux/clk.h +++ b/include/linux/clk.h @@ -201,6 +201,18 @@ bool clk_is_match(const struct clk *p, const struct clk *q); */ int clk_rate_exclusive_get(struct clk *clk);

+/** + * devm_clk_rate_exclusive_get - devm variant of clk_rate_exclusive_get + * @dev: device the exclusivity is bound to + * @clk: clock source + * + * Calls clk_rate_exclusive_get() on @clk and registers a devm cleanup handler + * on @dev to call clk_rate_exclusive_put(). + * + * Must not be called from within atomic context. + */ +int devm_clk_rate_exclusive_get(struct device *dev, struct clk *clk); + /** * clk_rate_exclusive_put - release exclusivity over the rate control of a * producer

From: Alexander Stein alexander.stein@ew.tq-group.com

stable inclusion from stable-v6.9.7 commit 2b42e9587a7a9c7b824e0feb92958f258263963e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IACTBX CVE: CVE-2024-40965

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...

--------------------------------

[ Upstream commit 4268254a39484fc11ba991ae148bacbe75d9cc0a ]

Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding tlv320aic32x4 audio codec to the system. When this clock provider adds its clock, the clk mutex is locked already, it needs to access i2c, which in return needs the mutex for clk_get_rate as well.

Signed-off-by: Alexander Stein alexander.stein@ew.tq-group.com Reviewed-by: Uwe Kleine-König u.kleine-koenig@pengutronix.de Reviewed-by: Andi Shyti andi.shyti@kernel.org Signed-off-by: Andi Shyti andi.shyti@kernel.org Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: dinglongwei dinglongwei1@huawei.com --- drivers/i2c/busses/i2c-imx-lpi2c.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/drivers/i2c/busses/i2c-imx-lpi2c.c b/drivers/i2c/busses/i2c-imx-lpi2c.c index 678b30e90492..14473c223cfa 100644 --- a/drivers/i2c/busses/i2c-imx-lpi2c.c +++ b/drivers/i2c/busses/i2c-imx-lpi2c.c @@ -99,6 +99,7 @@ struct lpi2c_imx_struct { __u8 *rx_buf; __u8 *tx_buf; struct completion complete; + unsigned long rate_per; unsigned int msglen; unsigned int delivered; unsigned int block_data; @@ -207,9 +208,7 @@ static int lpi2c_imx_config(struct lpi2c_imx_struct *lpi2c_imx)

lpi2c_imx_set_mode(lpi2c_imx);

- clk_rate = clk_get_rate(lpi2c_imx->clks[0].clk); - if (!clk_rate) - return -EINVAL; + clk_rate = lpi2c_imx->rate_per;

if (lpi2c_imx->mode == HS || lpi2c_imx->mode == ULTRA_FAST) filt = 0; @@ -590,6 +589,20 @@ static int lpi2c_imx_probe(struct platform_device *pdev) if (ret) return ret;

+ /* + * Lock the parent clock rate to avoid getting parent clock upon + * each transfer + */ + ret = devm_clk_rate_exclusive_get(&pdev->dev, lpi2c_imx->clks[0].clk); + if (ret) + return dev_err_probe(&pdev->dev, ret, + "can't lock I2C peripheral clock rate\n"); + + lpi2c_imx->rate_per = clk_get_rate(lpi2c_imx->clks[0].clk); + if (!lpi2c_imx->rate_per) + return dev_err_probe(&pdev->dev, -EINVAL, + "can't get I2C peripheral clock rate\n"); + pm_runtime_set_autosuspend_delay(&pdev->dev, I2C_PM_TIMEOUT); pm_runtime_use_autosuspend(&pdev->dev); pm_runtime_get_noresume(&pdev->dev);