5.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 5 Sep 2022 15:54:15 +0000 (17:54 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 5 Sep 2022 15:54:15 +0000 (17:54 +0200)
added patches:
musb-fix-usb_musb_tusb6010-dependency.patch
powerpc-align-syscall-table-for-ppc32.patch
powerpc-rtas-fix-rtas-msr-handling-for-cell.patch
revert-powerpc-remove-unused-fw_feature_native-references.patch
vt-clear-selection-before-changing-the-font.patch

queue-5.19/musb-fix-usb_musb_tusb6010-dependency.patch [new file with mode: 0644]
queue-5.19/powerpc-align-syscall-table-for-ppc32.patch [new file with mode: 0644]
queue-5.19/powerpc-rtas-fix-rtas-msr-handling-for-cell.patch [new file with mode: 0644]
queue-5.19/revert-powerpc-remove-unused-fw_feature_native-references.patch [new file with mode: 0644]
queue-5.19/series
queue-5.19/vt-clear-selection-before-changing-the-font.patch [new file with mode: 0644]

diff --git a/queue-5.19/musb-fix-usb_musb_tusb6010-dependency.patch b/queue-5.19/musb-fix-usb_musb_tusb6010-dependency.patch
new file mode 100644 (file)
index 0000000..cb821a8
--- /dev/null
@@ -0,0 +1,41 @@
+From a3f2fd22743fc56dd5e3896a3fbddd276df1577f Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Thu, 18 Aug 2022 15:57:20 +0200
+Subject: musb: fix USB_MUSB_TUSB6010 dependency
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit a3f2fd22743fc56dd5e3896a3fbddd276df1577f upstream.
+
+Turning on NOP_USB_XCEIV as builtin broke the TUSB6010 driver because
+of an older issue with the depencency.
+
+It is not necessary to forbid NOP_USB_XCEIV=y in combination with
+USB_MUSB_HDRC=m, but only the reverse, which causes the link failure
+from the original Kconfig change.
+
+Use the correct dependency to still allow NOP_USB_XCEIV=n or
+NOP_USB_XCEIV=y but forbid NOP_USB_XCEIV=m when USB_MUSB_HDRC=m
+to fix the multi_v7_defconfig for tusb.
+
+Fixes: ab37a7a890c1 ("ARM: multi_v7_defconfig: Make NOP_USB_XCEIV driver built-in")
+Fixes: c0442479652b ("usb: musb: Fix randconfig build issues for Kconfig options")
+Cc: stable <stable@kernel.org>
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Link: https://lore.kernel.org/r/20220818135737.3143895-10-arnd@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/musb/Kconfig |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/musb/Kconfig
++++ b/drivers/usb/musb/Kconfig
+@@ -86,7 +86,7 @@ config USB_MUSB_TUSB6010
+       tristate "TUSB6010"
+       depends on HAS_IOMEM
+       depends on ARCH_OMAP2PLUS || COMPILE_TEST
+-      depends on NOP_USB_XCEIV = USB_MUSB_HDRC # both built-in or both modules
++      depends on NOP_USB_XCEIV!=m || USB_MUSB_HDRC=m
+ config USB_MUSB_OMAP2PLUS
+       tristate "OMAP2430 and onwards"
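Review bot: The rewritten `depends on NOP_USB_XCEIV!=m || USB_MUSB_HDRC=m` line drops the trailing comment the old line carried, and the expression is not self-explanatory. As written it rejects only NOP_USB_XCEIV=m combined with a built-in USB_MUSB_HDRC, whereas the last paragraph of the commit message names NOP_USB_XCEIV=m with USB_MUSB_HDRC=m as the forbidden case, so the text and the rule disagree. A trailing comment such as `# a modular NOP_USB_XCEIV cannot be linked into a built-in musb` would record the intent next to the rule. The `config USB_MUSB_TUSB6010` entry starts above the hunk.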
diff --git a/queue-5.19/powerpc-align-syscall-table-for-ppc32.patch b/queue-5.19/powerpc-align-syscall-table-for-ppc32.patch
new file mode 100644 (file)
index 0000000..39a58e4
--- /dev/null
@@ -0,0 +1,70 @@
+From c7acee3d2f128a38b68fb7af85dbbd91bfd0b4ad Mon Sep 17 00:00:00 2001
+From: Masahiro Yamada <masahiroy@kernel.org>
+Date: Sun, 21 Aug 2022 01:51:29 +0900
+Subject: powerpc: align syscall table for ppc32
+
+From: Masahiro Yamada <masahiroy@kernel.org>
+
+commit c7acee3d2f128a38b68fb7af85dbbd91bfd0b4ad upstream.
+
+Christophe Leroy reported that commit 7b4537199a4a ("kbuild: link
+symbol CRCs at final link,  removing CONFIG_MODULE_REL_CRCS") broke
+mpc85xx_defconfig + CONFIG_RELOCATABLE=y.
+
+    LD      vmlinux
+    SYSMAP  System.map
+    SORTTAB vmlinux
+    CHKREL  vmlinux
+  WARNING: 451 bad relocations
+  c0b312a9 R_PPC_UADDR32     .head.text-0x3ff9ed54
+  c0b312ad R_PPC_UADDR32     .head.text-0x3ffac224
+  c0b312b1 R_PPC_UADDR32     .head.text-0x3ffb09f4
+  c0b312b5 R_PPC_UADDR32     .head.text-0x3fe184dc
+  c0b312b9 R_PPC_UADDR32     .head.text-0x3fe183a8
+      ...
+
+The compiler emits a bunch of R_PPC_UADDR32, which is not supported by
+arch/powerpc/kernel/reloc_32.S.
+
+The reason is there exists an unaligned symbol.
+
+  $ powerpc-linux-gnu-nm -n vmlinux
+    ...
+  c0b31258 d spe_aligninfo
+  c0b31298 d __func__.0
+  c0b312a9 D sys_call_table
+  c0b319b8 d __func__.0
+
+Commit 7b4537199a4a is not the root cause. Even before that, I can
+reproduce the same issue for mpc85xx_defconfig + CONFIG_RELOCATABLE=y
++ CONFIG_MODVERSIONS=n.
+
+It is just that nobody noticed because when CONFIG_MODVERSIONS is
+enabled, a __crc_* symbol inserted before sys_call_table was hiding the
+unalignment issue.
+
+Adding alignment to the syscall table for ppc32 fixes the issue.
+
+Cc: stable@vger.kernel.org
+Reported-by: Christophe Leroy <christophe.leroy@csgroup.eu>
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Tested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
+[mpe: Trim change log discussion, add Cc stable]
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/lkml/38605f6a-a568-f884-f06f-ea4da5b214f0@csgroup.eu/
+Link: https://lore.kernel.org/r/20220820165129.1147589-1-masahiroy@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/kernel/systbl.S |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/powerpc/kernel/systbl.S
++++ b/arch/powerpc/kernel/systbl.S
+@@ -18,6 +18,7 @@
+       .p2align        3
+ #define __SYSCALL(nr, entry)  .8byte entry
+ #else
++      .p2align        2
+ #define __SYSCALL(nr, entry)  .long entry
+ #endif
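Review bot: The added `.p2align 2` in the 32-bit branch has no comment saying why it is needed. According to the commit message, the failure it prevents only appears with CONFIG_RELOCATABLE=y and CONFIG_MODVERSIONS=n, so a later cleanup could remove the directive without any common build noticing. A one-line comment above it, e.g. `/* keep sys_call_table word-aligned: reloc_32.S cannot process R_PPC_UADDR32 */`, would keep that reasoning in the file. The enclosing `#ifdef` opens outside the hunk.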
diff --git a/queue-5.19/powerpc-rtas-fix-rtas-msr-handling-for-cell.patch b/queue-5.19/powerpc-rtas-fix-rtas-msr-handling-for-cell.patch
new file mode 100644 (file)
index 0000000..d79a0f6
--- /dev/null
@@ -0,0 +1,71 @@
+From 91926d8b7e71aaf5f84f0cf208fc5a8b7a761050 Mon Sep 17 00:00:00 2001
+From: Michael Ellerman <mpe@ellerman.id.au>
+Date: Tue, 23 Aug 2022 21:59:52 +1000
+Subject: powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
+
+From: Michael Ellerman <mpe@ellerman.id.au>
+
+commit 91926d8b7e71aaf5f84f0cf208fc5a8b7a761050 upstream.
+
+The semi-recent changes to MSR handling when entering RTAS (firmware)
+cause crashes on IBM Cell machines. An example trace:
+
+  kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0)
+  BUG: Unable to handle kernel instruction fetch
+  Faulting instruction address: 0x2fff01a8
+  Oops: Kernel access of bad area, sig: 11 [#1]
+  BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell
+  Modules linked in:
+  CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W          6.0.0-rc2-00433-gede0a8d3307a #207
+  NIP:  000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000
+  REGS: c0000000015236b0 TRAP: 0400   Tainted: G        W           (6.0.0-rc2-00433-gede0a8d3307a)
+  MSR:  0000000008001002 <ME,RI>  CR: 00000000  XER: 20000000
+  ...
+  NIP 0x2fff01a8
+  LR  0x32608
+  Call Trace:
+    0xc00000000143c5f8 (unreliable)
+    .rtas_call+0x224/0x320
+    .rtas_get_boot_time+0x70/0x150
+    .read_persistent_clock64+0x114/0x140
+    .read_persistent_wall_and_boot_offset+0x24/0x80
+    .timekeeping_init+0x40/0x29c
+    .start_kernel+0x674/0x8f0
+    start_here_common+0x1c/0x50
+
+Unlike PAPR platforms where RTAS is only used in guests, on the IBM Cell
+machines Linux runs with MSR[HV] set but also uses RTAS, provided by
+SLOF.
+
+Fix it by copying the MSR[HV] bit from the MSR value we've just read
+using mfmsr into the value used for RTAS.
+
+It seems like we could also fix it using an #ifdef CELL to set MSR[HV],
+but that doesn't work because it's possible to build a single kernel
+image that runs on both Cell native and pseries.
+
+Fixes: b6b1c3ce06ca ("powerpc/rtas: Keep MSR[RI] set when calling RTAS")
+Cc: stable@vger.kernel.org # v5.19+
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Reviewed-by: Jordan Niethe <jniethe5@gmail.com>
+Link: https://lore.kernel.org/r/20220823115952.1203106-2-mpe@ellerman.id.au
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/kernel/rtas_entry.S |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/powerpc/kernel/rtas_entry.S
++++ b/arch/powerpc/kernel/rtas_entry.S
+@@ -109,8 +109,12 @@ __enter_rtas:
+        * its critical regions (as specified in PAPR+ section 7.2.1). MSR[S]
+        * is not impacted by RFI_TO_KERNEL (only urfid can unset it). So if
+        * MSR[S] is set, it will remain when entering RTAS.
++       * If we're in HV mode, RTAS must also run in HV mode, so extract MSR_HV
++       * from the saved MSR value and insert into the value RTAS will use.
+        */
++      extrdi  r0, r6, 1, 63 - MSR_HV_LG
+       LOAD_REG_IMMEDIATE(r6, MSR_ME | MSR_RI)
++      insrdi  r6, r0, 1, 63 - MSR_HV_LG
+       li      r0,0
+       mtmsrd  r0,1                    /* disable RI before using SRR0/1 */
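Review bot: The three added instructions depend on r6 still holding the MSR value read earlier and on r0 being free as scratch, but the new comment lines only say "the saved MSR value" and name neither register. The `extrdi` has to run before `LOAD_REG_IMMEDIATE(r6, MSR_ME | MSR_RI)` overwrites r6, and r0 must survive that macro until the `insrdi`; that holds only if the macro touches nothing but its target register, which is not visible here. Since this sequence decides whether firmware is entered with MSR[HV] set, I would spell it out, e.g. `/* r6 = MSR from mfmsr above; r0 carries MSR[HV] across the reload of r6 */`. The register setup and the rest of __enter_rtas are outside the hunk.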
diff --git a/queue-5.19/revert-powerpc-remove-unused-fw_feature_native-references.patch b/queue-5.19/revert-powerpc-remove-unused-fw_feature_native-references.patch
new file mode 100644 (file)
index 0000000..e062ccb
--- /dev/null
@@ -0,0 +1,61 @@
+From 310d1344e3c58cc2d625aa4e52cfcb7d8a26fcbf Mon Sep 17 00:00:00 2001
+From: Michael Ellerman <mpe@ellerman.id.au>
+Date: Tue, 23 Aug 2022 21:59:51 +1000
+Subject: Revert "powerpc: Remove unused FW_FEATURE_NATIVE references"
+
+From: Michael Ellerman <mpe@ellerman.id.au>
+
+commit 310d1344e3c58cc2d625aa4e52cfcb7d8a26fcbf upstream.
+
+This reverts commit 79b74a68486765a4fe685ac4069bc71366c538f5.
+
+It broke booting on IBM Cell machines when the kernel is also built with
+CONFIG_PPC_PS3=y.
+
+That's because FW_FEATURE_NATIVE_ALWAYS = 0 does have an important
+effect, which is to clear the PS3 ALWAYS features from
+FW_FEATURE_ALWAYS.
+
+Note that CONFIG_PPC_NATIVE has since been renamed
+CONFIG_PPC_HASH_MMU_NATIVE.
+
+Fixes: 79b74a684867 ("powerpc: Remove unused FW_FEATURE_NATIVE references")
+Cc: stable@vger.kernel.org # v5.17+
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20220823115952.1203106-1-mpe@ellerman.id.au
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/include/asm/firmware.h |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/arch/powerpc/include/asm/firmware.h
++++ b/arch/powerpc/include/asm/firmware.h
+@@ -82,6 +82,8 @@ enum {
+       FW_FEATURE_POWERNV_ALWAYS = 0,
+       FW_FEATURE_PS3_POSSIBLE = FW_FEATURE_LPAR | FW_FEATURE_PS3_LV1,
+       FW_FEATURE_PS3_ALWAYS = FW_FEATURE_LPAR | FW_FEATURE_PS3_LV1,
++      FW_FEATURE_NATIVE_POSSIBLE = 0,
++      FW_FEATURE_NATIVE_ALWAYS = 0,
+       FW_FEATURE_POSSIBLE =
+ #ifdef CONFIG_PPC_PSERIES
+               FW_FEATURE_PSERIES_POSSIBLE |
+@@ -92,6 +94,9 @@ enum {
+ #ifdef CONFIG_PPC_PS3
+               FW_FEATURE_PS3_POSSIBLE |
+ #endif
++#ifdef CONFIG_PPC_HASH_MMU_NATIVE
++              FW_FEATURE_NATIVE_ALWAYS |
++#endif
+               0,
+       FW_FEATURE_ALWAYS =
+ #ifdef CONFIG_PPC_PSERIES
+@@ -103,6 +108,9 @@ enum {
+ #ifdef CONFIG_PPC_PS3
+               FW_FEATURE_PS3_ALWAYS &
+ #endif
++#ifdef CONFIG_PPC_HASH_MMU_NATIVE
++              FW_FEATURE_NATIVE_ALWAYS &
++#endif
+               FW_FEATURE_POSSIBLE,
+ #else /* CONFIG_PPC64 */
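Review bot: In the second hunk, the block added to the FW_FEATURE_POSSIBLE expression ORs in `FW_FEATURE_NATIVE_ALWAYS` rather than `FW_FEATURE_NATIVE_POSSIBLE`, which leaves the newly defined `FW_FEATURE_NATIVE_POSSIBLE = 0` unused. Both constants are 0, so the mask is unchanged today, but the line should read `FW_FEATURE_NATIVE_POSSIBLE |` to match the PSERIES/PS3 pattern around it; as a straight revert it may have been kept identical to the old code on purpose. Separately, `FW_FEATURE_NATIVE_ALWAYS = 0` is exactly what was removed as unused before, so a comment on that line such as `/* must stay 0: clears the PS3 ALWAYS bits from FW_FEATURE_ALWAYS on native-hash builds */` would guard against a repeat. The enum begins and ends outside the hunks.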
index 841e9a617d20f2d9357aea3f4b1beeaebc70b467..fcc7679233438c8fcb8a80d61d0e8e97963e582a 100644 (file)
@@ -63,3 +63,8 @@ tty-serial-atmel-preserve-previous-usart-mode-if-rs485-disabled.patch
 staging-rtl8712-fix-use-after-free-bugs.patch
 staging-r8188eu-add-rosewill-usb-n150-nano-to-device-tables.patch
 staging-r8188eu-add-firmware-dependency.patch
+revert-powerpc-remove-unused-fw_feature_native-references.patch
+powerpc-align-syscall-table-for-ppc32.patch
+powerpc-rtas-fix-rtas-msr-handling-for-cell.patch
+vt-clear-selection-before-changing-the-font.patch
+musb-fix-usb_musb_tusb6010-dependency.patch
diff --git a/queue-5.19/vt-clear-selection-before-changing-the-font.patch b/queue-5.19/vt-clear-selection-before-changing-the-font.patch
new file mode 100644 (file)
index 0000000..ab6a5d4
--- /dev/null
@@ -0,0 +1,58 @@
+From 566f9c9f89337792070b5a6062dff448b3e7977f Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Sat, 30 Jul 2022 20:50:18 +0200
+Subject: vt: Clear selection before changing the font
+
+From: Helge Deller <deller@gmx.de>
+
+commit 566f9c9f89337792070b5a6062dff448b3e7977f upstream.
+
+When changing the console font with ioctl(KDFONTOP) the new font size
+can be bigger than the previous font. A previous selection may thus now
+be outside of the new screen size and thus trigger out-of-bounds
+accesses to graphics memory if the selection is removed in
+vc_do_resize().
+
+Prevent such out-of-memory accesses by dropping the selection before the
+various con_font_set() console handlers are called.
+
+Reported-by: syzbot+14b0e8f3fd1612e35350@syzkaller.appspotmail.com
+Cc: stable <stable@kernel.org>
+Tested-by: Khalid Masum <khalid.masum.92@gmail.com>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Link: https://lore.kernel.org/r/YuV9apZGNmGfjcor@p100
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/vt/vt.c |   12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+--- a/drivers/tty/vt/vt.c
++++ b/drivers/tty/vt/vt.c
+@@ -4662,9 +4662,11 @@ static int con_font_set(struct vc_data *
+       console_lock();
+       if (vc->vc_mode != KD_TEXT)
+               rc = -EINVAL;
+-      else if (vc->vc_sw->con_font_set)
++      else if (vc->vc_sw->con_font_set) {
++              if (vc_is_sel(vc))
++                      clear_selection();
+               rc = vc->vc_sw->con_font_set(vc, &font, op->flags);
+-      else
++      } else
+               rc = -ENOSYS;
+       console_unlock();
+       kfree(font.data);
+@@ -4691,9 +4693,11 @@ static int con_font_default(struct vc_da
+               console_unlock();
+               return -EINVAL;
+       }
+-      if (vc->vc_sw->con_font_default)
++      if (vc->vc_sw->con_font_default) {
++              if (vc_is_sel(vc))
++                      clear_selection();
+               rc = vc->vc_sw->con_font_default(vc, &font, s);
+-      else
++      } else
+               rc = -ENOSYS;
+       console_unlock();
+       if (!rc) {
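Review bot: Both added `clear_selection()` calls (in con_font_set() and in con_font_default()) lack a comment saying why the selection must be dropped before the driver's font hook runs, which is the entire memory-safety content of the change. Something like `/* a larger font shrinks the text grid; drop the selection so vc_do_resize() cannot touch cells outside it */` above each `if (vc_is_sel(vc))` would keep that visible. The commit message places the out-of-bounds access in vc_do_resize(), so other callers of that function with a live selection may be worth checking; none are visible in this patch. As a style point, the resulting `} else` followed by an unbraced `rc = -ENOSYS;` mixes braced and unbraced arms, where kernel style would brace all of them. Both function bodies extend beyond the hunks.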