From 71eb5911dba08af71d9ff9c799de2861d59a90d1 Mon Sep 17 00:00:00 2001
From: Benjamin Leggett
Date: Fri, 16 Jan 2026 17:16:04 -0500
Subject: [PATCH] Add >= 6.17 AMD patches from @tycho
---
 config.yaml | 4 ++
 ...x-integer-divide-by-zero-during-init.patch | 51 +++++++++++++++++++
 ...-null-pointer-dereference-if-amd_smn.patch | 49 ++++++++++++++++++
 3 files changed, 104 insertions(+)
 create mode 100644 patches/0002-x86-amd_node-fix-integer-divide-by-zero-during-init.patch
 create mode 100644 patches/0003-x86-amd_node-fix-null-pointer-dereference-if-amd_smn.patch
diff --git a/config.yaml b/config.yaml
index 7f1994a..90b57cd 100644
--- a/config.yaml
+++ b/config.yaml
@@ -76,6 +76,10 @@ patches:
 lower: '6.16'
 - patch: 0001-9p-xen-mark-9p-transport-device-as-closing-when-remo.patch
 lower: '6.1'
+- patch: 0002-x86-amd_node-fix-integer-divide-by-zero-during-init.patch
+ lower: '6.17'
+- patch: 0003-x86-amd_node-fix-null-pointer-dereference-if-amd_smn.patch
+ lower: '6.17'
 images:
 - target: kernelsrc
 name: kernel-src
diff --git a/patches/0002-x86-amd_node-fix-integer-divide-by-zero-during-init.patch b/patches/0002-x86-amd_node-fix-integer-divide-by-zero-during-init.patch
new file mode 100644
index 0000000..70bd364
--- /dev/null
+++ b/patches/0002-x86-amd_node-fix-integer-divide-by-zero-during-init.patch
@@ -0,0 +1,51 @@
+From 31d0c56ed10f08e0411a549c3398f7e3d93b899a Mon Sep 17 00:00:00 2001
+From: Steven Noonan
+Date: Fri, 14 Nov 2025 10:34:21 -0800
+Subject: [PATCH 2/3] x86/amd_node: fix integer divide by zero during init
+
+On a Xen dom0 boot, this feature does not behave, and we end up
+calculating:
+
+ num_roots = 1
+ num_nodes = 2
+ roots_per_node = 0
+
+This causes a divide-by-zero in the modulus inside the loop.
+
+This change adds a couple of guards for invalid states where we might
+get a divide-by-zero.
+
+Signed-off-by: Steven Noonan
+Signed-off-by: Ariadne Conill
+CC: Yazen Ghannam
+CC: x86@vger.kernel.org
+CC: stable@vger.kernel.org
+---
+ arch/x86/kernel/amd_node.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/arch/x86/kernel/amd_node.c b/arch/x86/kernel/amd_node.c
+index 3d0a4768d603..cdc6ba224d4a 100644
+--- a/arch/x86/kernel/amd_node.c
++++ b/arch/x86/kernel/amd_node.c
+@@ -282,6 +282,17 @@ static int __init amd_smn_init(void)
+ return -ENODEV;
+
+ num_nodes = amd_num_nodes();
++
++ if (!num_nodes)
++ return -ENODEV;
++
++ /* Possibly a virtualized environment (e.g. Xen) where we will get
++ * roots_per_node=0 if the number of roots is fewer than number of
++ * nodes
++ */
++ if (num_roots < num_nodes)
++ return -ENODEV;
++
+ amd_roots = kcalloc(num_nodes, sizeof(*amd_roots), GFP_KERNEL);
+ if (!amd_roots)
+ return -ENOMEM;
+--
+2.51.2
+
diff --git a/patches/0003-x86-amd_node-fix-null-pointer-dereference-if-amd_smn.patch b/patches/0003-x86-amd_node-fix-null-pointer-dereference-if-amd_smn.patch
new file mode 100644
index 0000000..75b3b17
--- /dev/null
+++ b/patches/0003-x86-amd_node-fix-null-pointer-dereference-if-amd_smn.patch
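Review bot: The two new `return -ENODEV` exits in amd_smn_init() leave `amd_roots` unallocated, so patch 0002 is only safe when 0003 is applied with it; per 0003's own description, `__amd_smn_rw` otherwise dereferences `amd_roots` after a failed init. config.yaml lists the two as independent entries, so a comment there such as `# 0002 and 0003 must be kept or dropped together` would stop a later cleanup from trading the boot-time divide-by-zero for a NULL dereference. The exits are also silent; a line like `pr_info("amd_node: %u roots for %u nodes, SMN access disabled\n", num_roots, num_nodes);` before the second return would leave a trace in dmesg (the format specifiers assume unsigned integer counters, whose declarations are outside the hunk). amd_smn_init() starts and ends outside the hunk.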
@@ -0,0 +1,49 @@
+From 33ecda262c724d29f589bafb335c1afc4f47bdd7 Mon Sep 17 00:00:00 2001
+From: Steven Noonan
+Date: Fri, 14 Nov 2025 11:41:48 -0800
+Subject: [PATCH 3/3] x86/amd_node: fix null pointer dereference if
+ amd_smn_init failed
+
+We should be checking the `smn_exclusive` flag before anything else,
+because that indicates whether we got through `amd_smn_init`
+successfully.
+
+Without this change, we dereference `amd_roots` even though it may not
+be allocated.
+
+Signed-off-by: Steven Noonan
+Signed-off-by: Ariadne Conill
+CC: Yazen Ghannam
+CC: x86@vger.kernel.org
+CC: stable@vger.kernel.org
+---
+ arch/x86/kernel/amd_node.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/arch/x86/kernel/amd_node.c b/arch/x86/kernel/amd_node.c
+index cdc6ba224d4a..919932339f4a 100644
+--- a/arch/x86/kernel/amd_node.c
++++ b/arch/x86/kernel/amd_node.c
+@@ -88,6 +88,9 @@ static int __amd_smn_rw(u8 i_off, u8 d_off, u16 node, u32 address, u32 *value, b
+ struct pci_dev *root;
+ int err = -ENODEV;
+
++ if (!smn_exclusive)
++ return err;
++
+ if (node >= amd_num_nodes())
+ return err;
+
+@@ -95,9 +98,6 @@ static int __amd_smn_rw(u8 i_off, u8 d_off, u16 node, u32 address, u32 *value, b
+ if (!root)
+ return err;
+
+- if (!smn_exclusive)
+- return err;
+-
+ guard(mutex)(&smn_mutex);
+
+ err = pci_write_config_dword(root, i_off, address);
+--
+2.51.2
+
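Review bot: The relocated `if (!smn_exclusive)` check in __amd_smn_rw() now doubles as an "init succeeded" gate, but nothing in the code says so; a comment above it such as `/* Set only after amd_smn_init() has populated amd_roots; must be tested before amd_roots is indexed. */` would keep a later reorder from reintroducing the NULL dereference. The line that actually indexes `amd_roots` sits between the two inner hunks and is not shown, and the place where `smn_exclusive` is set is outside the patch, so the ordering guarantee this fix relies on should be confirmed there. The flag is still read before `guard(mutex)(&smn_mutex)` is taken, as it was before the change; that looks fine if it is only ever written once during init, which the visible lines do not establish.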