4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 19 Mar 2020 10:06:32 +0000 (11:06 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 19 Mar 2020 10:06:32 +0000 (11:06 +0100)
added patches:
arm-8958-1-rename-missed-uaccess-.fixup-section.patch
efi-fix-debugobjects-warning-on-efi_rts_work.patch
hid-google-add-moonball-usb-id.patch
mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch

queue-4.19/arm-8958-1-rename-missed-uaccess-.fixup-section.patch [new file with mode: 0644]
queue-4.19/efi-fix-debugobjects-warning-on-efi_rts_work.patch [new file with mode: 0644]
queue-4.19/hid-google-add-moonball-usb-id.patch [new file with mode: 0644]
queue-4.19/mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch [new file with mode: 0644]
queue-4.19/series

diff --git a/queue-4.19/arm-8958-1-rename-missed-uaccess-.fixup-section.patch b/queue-4.19/arm-8958-1-rename-missed-uaccess-.fixup-section.patch
new file mode 100644 (file)
index 0000000..be1db17
--- /dev/null
@@ -0,0 +1,43 @@
+From f87b1c49bc675da30d8e1e8f4b60b800312c7b90 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Mon, 10 Feb 2020 02:04:17 +0100
+Subject: ARM: 8958/1: rename missed uaccess .fixup section
+
+From: Kees Cook <keescook@chromium.org>
+
+commit f87b1c49bc675da30d8e1e8f4b60b800312c7b90 upstream.
+
+When the uaccess .fixup section was renamed to .text.fixup, one case was
+missed. Under ld.bfd, the orphaned section was moved close to .text
+(since they share the "ax" bits), so things would work normally on
+uaccess faults. Under ld.lld, the orphaned section was placed outside
+the .text section, making it unreachable.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/282
+Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1020633#c44
+Link: https://lore.kernel.org/r/nycvar.YSQ.7.76.1912032147340.17114@knanqh.ubzr
+Link: https://lore.kernel.org/lkml/202002071754.F5F073F1D@keescook/
+
+Fixes: c4a84ae39b4a5 ("ARM: 8322/1: keep .text and .fixup regions closer together")
+Cc: stable@vger.kernel.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
+Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/lib/copy_from_user.S |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/lib/copy_from_user.S
++++ b/arch/arm/lib/copy_from_user.S
+@@ -100,7 +100,7 @@ ENTRY(arm_copy_from_user)
+ ENDPROC(arm_copy_from_user)
+-      .pushsection .fixup,"ax"
++      .pushsection .text.fixup,"ax"
+       .align 0
+       copy_abort_preamble
+       ldmfd   sp!, {r1, r2, r3}
diff --git a/queue-4.19/efi-fix-debugobjects-warning-on-efi_rts_work.patch b/queue-4.19/efi-fix-debugobjects-warning-on-efi_rts_work.patch
new file mode 100644 (file)
index 0000000..4390e20
--- /dev/null
@@ -0,0 +1,49 @@
+From ef1491e791308317bb9851a0ad380c4a68b58d54 Mon Sep 17 00:00:00 2001
+From: Waiman Long <longman@redhat.com>
+Date: Wed, 14 Nov 2018 09:55:40 -0800
+Subject: efi: Fix debugobjects warning on 'efi_rts_work'
+
+From: Waiman Long <longman@redhat.com>
+
+commit ef1491e791308317bb9851a0ad380c4a68b58d54 upstream.
+
+The following commit:
+
+  9dbbedaa6171 ("efi: Make efi_rts_work accessible to efi page fault handler")
+
+converted 'efi_rts_work' from an auto variable to a global variable.
+However, when submitting the work, INIT_WORK_ONSTACK() was still used,
+causing the following complaint from debugobjects:
+
+  ODEBUG: object 00000000ed27b500 is NOT on stack 00000000c7d38760, but annotated.
+
+Change the macro to just INIT_WORK() to eliminate the warning.
+
+Signed-off-by: Waiman Long <longman@redhat.com>
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Acked-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-efi@vger.kernel.org
+Fixes: 9dbbedaa6171 ("efi: Make efi_rts_work accessible to efi page fault handler")
+Link: http://lkml.kernel.org/r/20181114175544.12860-2-ard.biesheuvel@linaro.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: Chris Wilson <chris@chris-wilson.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/firmware/efi/runtime-wrappers.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/firmware/efi/runtime-wrappers.c
++++ b/drivers/firmware/efi/runtime-wrappers.c
+@@ -62,7 +62,7 @@ struct efi_runtime_work efi_rts_work;
+       efi_rts_work.status = EFI_ABORTED;                              \
+                                                                       \
+       init_completion(&efi_rts_work.efi_rts_comp);                    \
+-      INIT_WORK_ONSTACK(&efi_rts_work.work, efi_call_rts);            \
++      INIT_WORK(&efi_rts_work.work, efi_call_rts);                    \
+       efi_rts_work.arg1 = _arg1;                                      \
+       efi_rts_work.arg2 = _arg2;                                      \
+       efi_rts_work.arg3 = _arg3;                                      \
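Review bot: After the switch to `INIT_WORK(&efi_rts_work.work, efi_call_rts);` the macro re-initialises a file-scope work item on every expansion, which is only safe if callers are serialised, and the visible lines do not say so. A short comment above the macro would record that requirement, e.g. `/* efi_rts_work is shared: callers must not run this concurrently (presumably efi_runtime_lock is held; confirm) */`. The macro begins and ends outside the hunk, so I could not check whether a matching destroy_work_on_stack() remains further down. If one exists in the 4.19 tree, it should be removed together with this change.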
diff --git a/queue-4.19/hid-google-add-moonball-usb-id.patch b/queue-4.19/hid-google-add-moonball-usb-id.patch
new file mode 100644 (file)
index 0000000..f7dcb49
--- /dev/null
@@ -0,0 +1,42 @@
+From 58322a1590fc189a8e1e349d309637d4a4942840 Mon Sep 17 00:00:00 2001
+From: Chen-Tsung Hsieh <chentsung@chromium.org>
+Date: Mon, 16 Mar 2020 15:24:19 +0800
+Subject: HID: google: add moonball USB id
+
+From: Chen-Tsung Hsieh <chentsung@chromium.org>
+
+commit 58322a1590fc189a8e1e349d309637d4a4942840 upstream.
+
+Add 1 additional hammer-like device.
+
+Signed-off-by: Chen-Tsung Hsieh <chentsung@chromium.org>
+Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-google-hammer.c |    2 ++
+ drivers/hid/hid-ids.h           |    1 +
+ 2 files changed, 3 insertions(+)
+
+--- a/drivers/hid/hid-google-hammer.c
++++ b/drivers/hid/hid-google-hammer.c
+@@ -125,6 +125,8 @@ static const struct hid_device_id hammer
+       { HID_DEVICE(BUS_USB, HID_GROUP_GENERIC,
+                    USB_VENDOR_ID_GOOGLE, USB_DEVICE_ID_GOOGLE_MASTERBALL) },
+       { HID_DEVICE(BUS_USB, HID_GROUP_GENERIC,
++                   USB_VENDOR_ID_GOOGLE, USB_DEVICE_ID_GOOGLE_MOONBALL) },
++      { HID_DEVICE(BUS_USB, HID_GROUP_GENERIC,
+                    USB_VENDOR_ID_GOOGLE, USB_DEVICE_ID_GOOGLE_STAFF) },
+       { HID_DEVICE(BUS_USB, HID_GROUP_GENERIC,
+                    USB_VENDOR_ID_GOOGLE, USB_DEVICE_ID_GOOGLE_WAND) },
+--- a/drivers/hid/hid-ids.h
++++ b/drivers/hid/hid-ids.h
+@@ -468,6 +468,7 @@
+ #define USB_DEVICE_ID_GOOGLE_WHISKERS 0x5030
+ #define USB_DEVICE_ID_GOOGLE_MASTERBALL       0x503c
+ #define USB_DEVICE_ID_GOOGLE_MAGNEMITE        0x503d
++#define USB_DEVICE_ID_GOOGLE_MOONBALL 0x5044
+ #define USB_VENDOR_ID_GOTOP           0x08f2
+ #define USB_DEVICE_ID_SUPER_Q2                0x007f
diff --git a/queue-4.19/mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch b/queue-4.19/mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch
new file mode 100644 (file)
index 0000000..f462b10
--- /dev/null
@@ -0,0 +1,46 @@
+From fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 Mon Sep 17 00:00:00 2001
+From: Jann Horn <jannh@google.com>
+Date: Tue, 17 Mar 2020 01:28:45 +0100
+Subject: mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
+
+From: Jann Horn <jannh@google.com>
+
+commit fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 upstream.
+
+When kmem_cache_alloc_bulk() attempts to allocate N objects from a percpu
+freelist of length M, and N > M > 0, it will first remove the M elements
+from the percpu freelist, then call ___slab_alloc() to allocate the next
+element and repopulate the percpu freelist. ___slab_alloc() can re-enable
+IRQs via allocate_slab(), so the TID must be bumped before ___slab_alloc()
+to properly commit the freelist head change.
+
+Fix it by unconditionally bumping c->tid when entering the slowpath.
+
+Cc: stable@vger.kernel.org
+Fixes: ebe909e0fdb3 ("slub: improve bulk alloc strategy")
+Signed-off-by: Jann Horn <jannh@google.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/slub.c |    9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -3104,6 +3104,15 @@ int kmem_cache_alloc_bulk(struct kmem_ca
+               if (unlikely(!object)) {
+                       /*
++                       * We may have removed an object from c->freelist using
++                       * the fastpath in the previous iteration; in that case,
++                       * c->tid has not been bumped yet.
++                       * Since ___slab_alloc() may reenable interrupts while
++                       * allocating memory, we should bump c->tid now.
++                       */
++                      c->tid = next_tid(c->tid);
++
++                      /*
+                        * Invoking slow path likely have side-effect
+                        * of re-populating per CPU c->freelist
+                        */
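Review bot: The comment added above `c->tid = next_tid(c->tid);` explains when the bump is needed but not the invariant it restores, which is what someone backporting or reordering this loop has to preserve. I would add one sentence such as `* c->freelist changes must be paired with a c->tid bump before IRQs can be re-enabled, since the lockless fastpaths use c->tid to detect them.` That wording is inferred from the commit message's "properly commit the freelist head change" and should be checked against the fastpath code. The body of kmem_cache_alloc_bulk() starts and ends outside this hunk, so how the exit and error paths handle c->tid cannot be judged from here.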
index dca9e2a2a3f868e7c17f6a82a97e8abdcf7c6e5c..bf795c172cec7b4681d96fe2e3e50a28bfae4da6 100644 (file)
@@ -41,3 +41,7 @@ driver-core-remove-device-link-creation-limitation.patch
 driver-core-fix-creation-of-device-links-with-pm-runtime-flags.patch
 net-qrtr-fix-len-of-skb_put_padto-in-qrtr_node_enqueue.patch
 arm-8957-1-vdso-match-armv8-timer-in-cntvct_functional.patch
+arm-8958-1-rename-missed-uaccess-.fixup-section.patch
+mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch
+hid-google-add-moonball-usb-id.patch
+efi-fix-debugobjects-warning-on-efi_rts_work.patch