5.12-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 7 May 2021 15:53:42 +0000 (17:53 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 7 May 2021 15:53:42 +0000 (17:53 +0200)
added patches:
cpuidle-tegra-fix-c7-idling-state-on-tegra114.patch
fbdev-zero-fill-colormap-in-fbcmap.c.patch
posix-timers-preserve-return-value-in-clock_adjtime32.patch

queue-5.12/cpuidle-tegra-fix-c7-idling-state-on-tegra114.patch [new file with mode: 0644]
queue-5.12/fbdev-zero-fill-colormap-in-fbcmap.c.patch [new file with mode: 0644]
queue-5.12/posix-timers-preserve-return-value-in-clock_adjtime32.patch [new file with mode: 0644]
queue-5.12/series

diff --git a/queue-5.12/cpuidle-tegra-fix-c7-idling-state-on-tegra114.patch b/queue-5.12/cpuidle-tegra-fix-c7-idling-state-on-tegra114.patch
new file mode 100644 (file)
index 0000000..0fa3e9a
--- /dev/null
@@ -0,0 +1,52 @@
+From 32c8c34d8132b5fe8497c2538597445a0d65c29d Mon Sep 17 00:00:00 2001
+From: Dmitry Osipenko <digetx@gmail.com>
+Date: Tue, 2 Mar 2021 12:54:04 +0300
+Subject: cpuidle: tegra: Fix C7 idling state on Tegra114
+
+From: Dmitry Osipenko <digetx@gmail.com>
+
+commit 32c8c34d8132b5fe8497c2538597445a0d65c29d upstream.
+
+Trusted Foundation firmware doesn't implement the do_idle call and in
+this case suspending should fall back to the common suspend path. In order
+to fix this issue we will unconditionally set the NOFLUSH_L2 mode via
+firmware call, which is a NO-OP on Tegra30/124, and then proceed to the
+C7 idling, like it was done by the older Tegra114 cpuidle driver.
+
+Fixes: 14e086baca50 ("cpuidle: tegra: Squash Tegra114 driver into the common driver")
+Cc: stable@vger.kernel.org # 5.7+
+Reported-by: Anton Bambura <jenneron@protonmail.com> # TF701 T114
+Tested-by: Anton Bambura <jenneron@protonmail.com> # TF701 T114
+Tested-by: Matt Merhar <mattmerhar@protonmail.com> # Ouya T30
+Tested-by: Peter Geis <pgwipeout@gmail.com> # Ouya T30
+Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
+Reviewed-by: Daniel Lezcano <daniel.lezcano@linaro.org>
+Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
+Link: https://lore.kernel.org/r/20210302095405.28453-1-digetx@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/cpuidle/cpuidle-tegra.c |   12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/drivers/cpuidle/cpuidle-tegra.c
++++ b/drivers/cpuidle/cpuidle-tegra.c
+@@ -135,13 +135,13 @@ static int tegra_cpuidle_c7_enter(void)
+ {
+       int err;
+-      if (tegra_cpuidle_using_firmware()) {
+-              err = call_firmware_op(prepare_idle, TF_PM_MODE_LP2_NOFLUSH_L2);
+-              if (err)
+-                      return err;
++      err = call_firmware_op(prepare_idle, TF_PM_MODE_LP2_NOFLUSH_L2);
++      if (err && err != -ENOSYS)
++              return err;
+-              return call_firmware_op(do_idle, 0);
+-      }
++      err = call_firmware_op(do_idle, 0);
++      if (err != -ENOSYS)
++              return err;
+       return cpu_suspend(0, tegra30_pm_secondary_cpu_suspend);
+ }
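Review bot: The two `-ENOSYS` tests in the new body of tegra_cpuidle_c7_enter() carry the whole fallback decision but are uncommented, so nothing in the code says that `-ENOSYS` stands for "this firmware op is not provided". I would add a comment above the first call, for example `/* -ENOSYS: op not implemented by the firmware (e.g. do_idle on Trusted Foundations); fall back to cpu_suspend() */`. As written, any other non-zero result from prepare_idle aborts idle entry, and any result from do_idle other than `-ENOSYS` (including 0) is returned directly; that matches the commit message as far as the visible lines show. It may also be worth confirming that issuing prepare_idle unconditionally is harmless on every platform sharing this driver, since the message only vouches for Tegra30/124.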
diff --git a/queue-5.12/fbdev-zero-fill-colormap-in-fbcmap.c.patch b/queue-5.12/fbdev-zero-fill-colormap-in-fbcmap.c.patch
new file mode 100644 (file)
index 0000000..2196dd1
--- /dev/null
@@ -0,0 +1,51 @@
+From 19ab233989d0f7ab1de19a036e247afa4a0a1e9c Mon Sep 17 00:00:00 2001
+From: Phillip Potter <phil@philpotter.co.uk>
+Date: Wed, 31 Mar 2021 23:07:19 +0100
+Subject: fbdev: zero-fill colormap in fbcmap.c
+
+From: Phillip Potter <phil@philpotter.co.uk>
+
+commit 19ab233989d0f7ab1de19a036e247afa4a0a1e9c upstream.
+
+Use kzalloc() rather than kmalloc() for the dynamically allocated parts
+of the colormap in fb_alloc_cmap_gfp, to prevent a leak of random kernel
+data to userspace under certain circumstances.
+
+Fixes a KMSAN-found infoleak bug reported by syzbot at:
+https://syzkaller.appspot.com/bug?id=741578659feabd108ad9e06696f0c1f2e69c4b6e
+
+Reported-by: syzbot+47fa9c9c648b765305b9@syzkaller.appspotmail.com
+Cc: stable <stable@vger.kernel.org>
+Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
+Link: https://lore.kernel.org/r/20210331220719.1499743-1-phil@philpotter.co.uk
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/core/fbcmap.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/video/fbdev/core/fbcmap.c
++++ b/drivers/video/fbdev/core/fbcmap.c
+@@ -101,17 +101,17 @@ int fb_alloc_cmap_gfp(struct fb_cmap *cm
+               if (!len)
+                       return 0;
+-              cmap->red = kmalloc(size, flags);
++              cmap->red = kzalloc(size, flags);
+               if (!cmap->red)
+                       goto fail;
+-              cmap->green = kmalloc(size, flags);
++              cmap->green = kzalloc(size, flags);
+               if (!cmap->green)
+                       goto fail;
+-              cmap->blue = kmalloc(size, flags);
++              cmap->blue = kzalloc(size, flags);
+               if (!cmap->blue)
+                       goto fail;
+               if (transp) {
+-                      cmap->transp = kmalloc(size, flags);
++                      cmap->transp = kzalloc(size, flags);
+                       if (!cmap->transp)
+                               goto fail;
+               } else {
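Review bot: The four `kzalloc()` calls in fb_alloc_cmap_gfp() are now what prevents an information leak, yet nothing in the code records that, so a later cleanup could turn them back into `kmalloc()` as a micro-optimisation. A one-line comment before the first allocation would pin the intent, e.g. `/* zero-filled: colormap buffers can reach userspace before every entry is written */`. The function starts before and continues past this hunk, so the `size` computation and the path that leaves entries unwritten are not visible here; the commit message only says "under certain circumstances". It would be worth confirming that no other allocation of the red/green/blue/transp buffers in fbcmap.c still uses a non-zeroing allocator.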
diff --git a/queue-5.12/posix-timers-preserve-return-value-in-clock_adjtime32.patch b/queue-5.12/posix-timers-preserve-return-value-in-clock_adjtime32.patch
new file mode 100644 (file)
index 0000000..c7de5dd
--- /dev/null
@@ -0,0 +1,42 @@
+From 2d036dfa5f10df9782f5278fc591d79d283c1fad Mon Sep 17 00:00:00 2001
+From: Chen Jun <chenjun102@huawei.com>
+Date: Wed, 14 Apr 2021 03:04:49 +0000
+Subject: posix-timers: Preserve return value in clock_adjtime32()
+
+From: Chen Jun <chenjun102@huawei.com>
+
+commit 2d036dfa5f10df9782f5278fc591d79d283c1fad upstream.
+
+The return value on success (>= 0) is overwritten by the return value of
+put_old_timex32(). That works correct in the fault case, but is wrong for
+the success case where put_old_timex32() returns 0.
+
+Just check the return value of put_old_timex32() and return -EFAULT in case
+it is not zero.
+
+[ tglx: Massage changelog ]
+
+Fixes: 3a4d44b61625 ("ntp: Move adjtimex related compat syscalls to native counterparts")
+Signed-off-by: Chen Jun <chenjun102@huawei.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Richard Cochran <richardcochran@gmail.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20210414030449.90692-1-chenjun102@huawei.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/time/posix-timers.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/time/posix-timers.c
++++ b/kernel/time/posix-timers.c
+@@ -1191,8 +1191,8 @@ SYSCALL_DEFINE2(clock_adjtime32, clockid
+       err = do_clock_adjtime(which_clock, &ktx);
+-      if (err >= 0)
+-              err = put_old_timex32(utp, &ktx);
++      if (err >= 0 && put_old_timex32(utp, &ktx))
++              return -EFAULT;
+       return err;
+ }
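Review bot: The new condition `if (err >= 0 && put_old_timex32(utp, &ktx))` puts a copy-out with side effects inside a boolean test and replaces whatever put_old_timex32() returned with a fixed `-EFAULT`. That is fine if the helper can only fail with a fault, which the commit message implies but the hunk does not show. A short comment such as `/* err >= 0 is the value userspace expects; only a failed copy-out overrides it */` would explain why `err` must not be reassigned here, which is the regression being fixed. The syscall body begins outside this hunk, so the earlier copy-in and validation path is not covered by this note.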
index f46e689d559385717e5b50e38d14172418ad2954..5a4f12977c1591bfe7b208c07702ddc4a2bdba23 100644 (file)
@@ -62,3 +62,6 @@ intel_th-pci-add-rocket-lake-cpu-support.patch
 btrfs-fix-race-between-transaction-aborts-and-fsyncs-leading-to-use-after-free.patch
 btrfs-zoned-fix-unpaired-block-group-unfreeze-during-device-replace.patch
 btrfs-zoned-fail-mount-if-the-device-does-not-support-zone-append.patch
+posix-timers-preserve-return-value-in-clock_adjtime32.patch
+fbdev-zero-fill-colormap-in-fbcmap.c.patch
+cpuidle-tegra-fix-c7-idling-state-on-tegra114.patch