--- /dev/null
+From a56d00e08ab21618e1b7f1c002e3addc82173c19 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 3 Feb 2021 10:03:20 +0100
+Subject: ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL
+
+From: Alexandre Belloni <alexandre.belloni@bootlin.com>
+
+[ Upstream commit 5638159f6d93b99ec9743ac7f65563fca3cf413d ]
+
+This reverts commit c17e9377aa81664d94b4f2102559fcf2a01ec8e7.
+
+The lpc32xx clock driver is not able to actually change the PLL rate as
+this would require reparenting ARM_CLK, DDRAM_CLK, PERIPH_CLK to SYSCLK,
+then stop the PLL, update the register, restart the PLL and wait for the
+PLL to lock and finally reparent ARM_CLK, DDRAM_CLK, PERIPH_CLK to HCLK
+PLL.
+
+Currently, the HCLK driver simply updates the registers but this has no
+real effect and all the clock rate calculation end up being wrong. This is
+especially annoying for the peripheral (e.g. UARTs, I2C, SPI).
+
+Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
+Tested-by: Gregory CLEMENT <gregory.clement@bootlin.com>
+Link: https://lore.kernel.org/r/20210203090320.GA3760268@piout.net'
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/lpc32xx.dtsi | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/arch/arm/boot/dts/lpc32xx.dtsi b/arch/arm/boot/dts/lpc32xx.dtsi
+index c5b119ddb70b8..7f2b73cbd2280 100644
+--- a/arch/arm/boot/dts/lpc32xx.dtsi
++++ b/arch/arm/boot/dts/lpc32xx.dtsi
+@@ -323,9 +323,6 @@
+
+ clocks = <&xtal_32k>, <&xtal>;
+ clock-names = "xtal_32k", "xtal";
+-
+- assigned-clocks = <&clk LPC32XX_CLK_HCLK_PLL>;
+- assigned-clock-rates = <208000000>;
+ };
+ };
+
+--
+2.27.0
+
--- /dev/null
+From 65dec628248ebdbbb1bda06b722e2d8ad5b40b73 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 29 Jan 2021 10:19:07 +0000
+Subject: ARM: ensure the signal page contains defined contents
+
+From: Russell King <rmk+kernel@armlinux.org.uk>
+
+[ Upstream commit 9c698bff66ab4914bb3d71da7dc6112519bde23e ]
+
+Ensure that the signal page contains our poison instruction to increase
+the protection against ROP attacks and also contains well defined
+contents.
+
+Acked-by: Will Deacon <will@kernel.org>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/kernel/signal.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
+index 02e6b6dfffa7e..19e4ff507209b 100644
+--- a/arch/arm/kernel/signal.c
++++ b/arch/arm/kernel/signal.c
+@@ -667,18 +667,20 @@ struct page *get_signal_page(void)
+
+ addr = page_address(page);
+
++ /* Poison the entire page */
++ memset32(addr, __opcode_to_mem_arm(0xe7fddef1),
++ PAGE_SIZE / sizeof(u32));
++
+ /* Give the signal return code some randomness */
+ offset = 0x200 + (get_random_int() & 0x7fc);
+ signal_return_offset = offset;
+
+- /*
+- * Copy signal return handlers into the vector page, and
+- * set sigreturn to be a pointer to these.
+- */
++ /* Copy signal return handlers into the page */
+ memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes));
+
+- ptr = (unsigned long)addr + offset;
+- flush_icache_range(ptr, ptr + sizeof(sigreturn_codes));
++ /* Flush out all instructions in this page */
++ ptr = (unsigned long)addr;
++ flush_icache_range(ptr, ptr + PAGE_SIZE);
+
+ return page;
+ }
+--
+2.27.0
+
--- /dev/null
+From 8879874d89275c8117c90a28b4c9b161394d1685 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 15 Aug 2020 13:51:12 +0100
+Subject: arm64: dts: rockchip: Fix PCIe DT properties on rk3399
+
+From: Marc Zyngier <maz@kernel.org>
+
+[ Upstream commit 43f20b1c6140896916f4e91aacc166830a7ba849 ]
+
+It recently became apparent that the lack of a 'device_type = "pci"'
+in the PCIe root complex node for rk3399 is a violation of the PCI
+binding, as documented in IEEE Std 1275-1994. Changes to the kernel's
+parsing of the DT made such violation fatal, as drivers cannot
+probe the controller anymore.
+
+Add the missing property makes the PCIe node compliant. While we
+are at it, drop the pointless linux,pci-domain property, which only
+makes sense when there are multiple host bridges.
+
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20200815125112.462652-3-maz@kernel.org
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+index 82747048381fa..721f4b6b262f1 100644
+--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi
++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+@@ -231,6 +231,7 @@
+ reg = <0x0 0xf8000000 0x0 0x2000000>,
+ <0x0 0xfd000000 0x0 0x1000000>;
+ reg-names = "axi-base", "apb-base";
++ device_type = "pci";
+ #address-cells = <3>;
+ #size-cells = <2>;
+ #interrupt-cells = <1>;
+@@ -249,7 +250,6 @@
+ <0 0 0 2 &pcie0_intc 1>,
+ <0 0 0 3 &pcie0_intc 2>,
+ <0 0 0 4 &pcie0_intc 3>;
+- linux,pci-domain = <0>;
+ max-link-speed = <1>;
+ msi-map = <0x0 &its 0x0 0x1000>;
+ phys = <&pcie_phy 0>, <&pcie_phy 1>,
+--
+2.27.0
+
--- /dev/null
+From 112b64583cdec25d2b64f246f883d3501710e438 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 28 Jan 2021 10:22:48 +0100
+Subject: cap: fix conversions on getxattr
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+[ Upstream commit f2b00be488730522d0fb7a8a5de663febdcefe0a ]
+
+If a capability is stored on disk in v2 format cap_inode_getsecurity() will
+currently return in v2 format unconditionally.
+
+This is wrong: v2 cap should be equivalent to a v3 cap with zero rootid,
+and so the same conversions performed on it.
+
+If the rootid cannot be mapped, v3 is returned unconverted. Fix this so
+that both v2 and v3 return -EOVERFLOW if the rootid (or the owner of the fs
+user namespace in case of v2) cannot be mapped into the current user
+namespace.
+
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ security/commoncap.c | 67 ++++++++++++++++++++++++++++----------------
+ 1 file changed, 43 insertions(+), 24 deletions(-)
+
+diff --git a/security/commoncap.c b/security/commoncap.c
+index ac031fa391908..bf689d61b293c 100644
+--- a/security/commoncap.c
++++ b/security/commoncap.c
+@@ -378,10 +378,11 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
+ {
+ int size, ret;
+ kuid_t kroot;
++ u32 nsmagic, magic;
+ uid_t root, mappedroot;
+ char *tmpbuf = NULL;
+ struct vfs_cap_data *cap;
+- struct vfs_ns_cap_data *nscap;
++ struct vfs_ns_cap_data *nscap = NULL;
+ struct dentry *dentry;
+ struct user_namespace *fs_ns;
+
+@@ -403,46 +404,61 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
+ fs_ns = inode->i_sb->s_user_ns;
+ cap = (struct vfs_cap_data *) tmpbuf;
+ if (is_v2header((size_t) ret, cap)) {
+- /* If this is sizeof(vfs_cap_data) then we're ok with the
+- * on-disk value, so return that. */
+- if (alloc)
+- *buffer = tmpbuf;
+- else
+- kfree(tmpbuf);
+- return ret;
+- } else if (!is_v3header((size_t) ret, cap)) {
+- kfree(tmpbuf);
+- return -EINVAL;
++ root = 0;
++ } else if (is_v3header((size_t) ret, cap)) {
++ nscap = (struct vfs_ns_cap_data *) tmpbuf;
++ root = le32_to_cpu(nscap->rootid);
++ } else {
++ size = -EINVAL;
++ goto out_free;
+ }
+
+- nscap = (struct vfs_ns_cap_data *) tmpbuf;
+- root = le32_to_cpu(nscap->rootid);
+ kroot = make_kuid(fs_ns, root);
+
+ /* If the root kuid maps to a valid uid in current ns, then return
+ * this as a nscap. */
+ mappedroot = from_kuid(current_user_ns(), kroot);
+ if (mappedroot != (uid_t)-1 && mappedroot != (uid_t)0) {
++ size = sizeof(struct vfs_ns_cap_data);
+ if (alloc) {
+- *buffer = tmpbuf;
++ if (!nscap) {
++ /* v2 -> v3 conversion */
++ nscap = kzalloc(size, GFP_ATOMIC);
++ if (!nscap) {
++ size = -ENOMEM;
++ goto out_free;
++ }
++ nsmagic = VFS_CAP_REVISION_3;
++ magic = le32_to_cpu(cap->magic_etc);
++ if (magic & VFS_CAP_FLAGS_EFFECTIVE)
++ nsmagic |= VFS_CAP_FLAGS_EFFECTIVE;
++ memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
++ nscap->magic_etc = cpu_to_le32(nsmagic);
++ } else {
++ /* use allocated v3 buffer */
++ tmpbuf = NULL;
++ }
+ nscap->rootid = cpu_to_le32(mappedroot);
+- } else
+- kfree(tmpbuf);
+- return size;
++ *buffer = nscap;
++ }
++ goto out_free;
+ }
+
+ if (!rootid_owns_currentns(kroot)) {
+- kfree(tmpbuf);
+- return -EOPNOTSUPP;
++ size = -EOVERFLOW;
++ goto out_free;
+ }
+
+ /* This comes from a parent namespace. Return as a v2 capability */
+ size = sizeof(struct vfs_cap_data);
+ if (alloc) {
+- *buffer = kmalloc(size, GFP_ATOMIC);
+- if (*buffer) {
+- struct vfs_cap_data *cap = *buffer;
+- __le32 nsmagic, magic;
++ if (nscap) {
++ /* v3 -> v2 conversion */
++ cap = kzalloc(size, GFP_ATOMIC);
++ if (!cap) {
++ size = -ENOMEM;
++ goto out_free;
++ }
+ magic = VFS_CAP_REVISION_2;
+ nsmagic = le32_to_cpu(nscap->magic_etc);
+ if (nsmagic & VFS_CAP_FLAGS_EFFECTIVE)
+@@ -450,9 +466,12 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
+ memcpy(&cap->data, &nscap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
+ cap->magic_etc = cpu_to_le32(magic);
+ } else {
+- size = -ENOMEM;
++ /* use unconverted v2 */
++ tmpbuf = NULL;
+ }
++ *buffer = cap;
+ }
++out_free:
+ kfree(tmpbuf);
+ return size;
+ }
+--
+2.27.0
+
--- /dev/null
+From b241d0a4ffff7a157ca652906b4b2df81874cbd9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 28 Jan 2021 10:22:48 +0100
+Subject: ovl: perform vfs_getxattr() with mounter creds
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+[ Upstream commit 554677b97257b0b69378bd74e521edb7e94769ff ]
+
+The vfs_getxattr() in ovl_xattr_set() is used to check whether an xattr
+exist on a lower layer file that is to be removed. If the xattr does not
+exist, then no need to copy up the file.
+
+This call of vfs_getxattr() wasn't wrapped in credential override, and this
+is probably okay. But for consitency wrap this instance as well.
+
+Reported-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/overlayfs/inode.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
+index 30a1c7fc8c75c..ac6efac119fb9 100644
+--- a/fs/overlayfs/inode.c
++++ b/fs/overlayfs/inode.c
+@@ -216,7 +216,9 @@ int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name,
+ goto out;
+
+ if (!value && !upperdentry) {
++ old_cred = ovl_override_creds(dentry->d_sb);
+ err = vfs_getxattr(realdentry, name, NULL, 0);
++ revert_creds(old_cred);
+ if (err < 0)
+ goto out_drop_write;
+ }
+--
+2.27.0
+
--- /dev/null
+From f7388096ee6e9d450d0dc0cfff355d185d7c4c57 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 19 Dec 2020 12:16:08 +0200
+Subject: ovl: skip getxattr of security labels
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+[ Upstream commit 03fedf93593c82538b18476d8c4f0e8f8435ea70 ]
+
+When inode has no listxattr op of its own (e.g. squashfs) vfs_listxattr
+calls the LSM inode_listsecurity hooks to list the xattrs that LSMs will
+intercept in inode_getxattr hooks.
+
+When selinux LSM is installed but not initialized, it will list the
+security.selinux xattr in inode_listsecurity, but will not intercept it
+in inode_getxattr. This results in -ENODATA for a getxattr call for an
+xattr returned by listxattr.
+
+This situation was manifested as overlayfs failure to copy up lower
+files from squashfs when selinux is built-in but not initialized,
+because ovl_copy_xattr() iterates the lower inode xattrs by
+vfs_listxattr() and vfs_getxattr().
+
+ovl_copy_xattr() skips copy up of security labels that are indentified by
+inode_copy_up_xattr LSM hooks, but it does that after vfs_getxattr().
+Since we are not going to copy them, skip vfs_getxattr() of the security
+labels.
+
+Reported-by: Michael Labriola <michael.d.labriola@gmail.com>
+Tested-by: Michael Labriola <michael.d.labriola@gmail.com>
+Link: https://lore.kernel.org/linux-unionfs/2nv9d47zt7.fsf@aldarion.sourceruckus.org/
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/overlayfs/copy_up.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
+index b97fc1df62128..f3ed80e2966c3 100644
+--- a/fs/overlayfs/copy_up.c
++++ b/fs/overlayfs/copy_up.c
+@@ -95,6 +95,14 @@ int ovl_copy_xattr(struct dentry *old, struct dentry *new)
+
+ if (ovl_is_private_xattr(name))
+ continue;
++
++ error = security_inode_copy_up_xattr(name);
++ if (error < 0 && error != -EOPNOTSUPP)
++ break;
++ if (error == 1) {
++ error = 0;
++ continue; /* Discard */
++ }
+ retry:
+ size = vfs_getxattr(old, name, value, value_size);
+ if (size == -ERANGE)
+@@ -118,13 +126,6 @@ retry:
+ goto retry;
+ }
+
+- error = security_inode_copy_up_xattr(name);
+- if (error < 0 && error != -EOPNOTSUPP)
+- break;
+- if (error == 1) {
+- error = 0;
+- continue; /* Discard */
+- }
+ error = vfs_setxattr(new, name, value, size, 0);
+ if (error)
+ break;
+--
+2.27.0
+
--- /dev/null
+From ccdc68caf257f5cf83cef60b02cc1b2ca16a837e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 20 Jan 2021 13:49:41 +0100
+Subject: platform/x86: hp-wmi: Disable tablet-mode reporting by default
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+[ Upstream commit 67fbe02a5cebc3c653610f12e3c0424e58450153 ]
+
+Recently userspace has started making more use of SW_TABLET_MODE
+(when an input-dev reports this).
+
+Specifically recent GNOME3 versions will:
+
+1. When SW_TABLET_MODE is reported and is reporting 0:
+1.1 Disable accelerometer-based screen auto-rotation
+1.2 Disable automatically showing the on-screen keyboard when a
+ text-input field is focussed
+
+2. When SW_TABLET_MODE is reported and is reporting 1:
+2.1 Ignore input-events from the builtin keyboard and touchpad
+ (this is for 360° hinges style 2-in-1s where the keyboard and
+ touchpads are accessible on the back of the tablet when folded
+ into tablet-mode)
+
+This means that claiming to support SW_TABLET_MODE when it does not
+actually work / reports correct values has bad side-effects.
+
+The check in the hp-wmi code which is used to decide if the input-dev
+should claim SW_TABLET_MODE support, only checks if the
+HPWMI_HARDWARE_QUERY is supported. It does *not* check if the hardware
+actually is capable of reporting SW_TABLET_MODE.
+
+This leads to the hp-wmi input-dev claiming SW_TABLET_MODE support,
+while in reality it will always report 0 as SW_TABLET_MODE value.
+This has been seen on a "HP ENVY x360 Convertible 15-cp0xxx" and
+this likely is the case on a whole lot of other HP models.
+
+This problem causes both auto-rotation and on-screen keyboard
+support to not work on affected x360 models.
+
+There is no easy fix for this, but since userspace expects
+SW_TABLET_MODE reporting to be reliable when advertised it is
+better to not claim/report SW_TABLET_MODE support at all, then
+to claim to support it while it does not work.
+
+To avoid the mentioned problems, add a new enable_tablet_mode_sw
+module-parameter which defaults to false.
+
+Note I've made this an int using the standard -1=auto, 0=off, 1=on
+triplett, with the hope that in the future we can come up with a
+better way to detect SW_TABLET_MODE support. ATM the default
+auto option just does the same as off.
+
+BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1918255
+Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Acked-by: Mark Gross <mgross@linux.intel.com>
+Link: https://lore.kernel.org/r/20210120124941.73409-1-hdegoede@redhat.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/platform/x86/hp-wmi.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c
+index 952544ca0d84d..93fadd4abf14d 100644
+--- a/drivers/platform/x86/hp-wmi.c
++++ b/drivers/platform/x86/hp-wmi.c
+@@ -45,6 +45,10 @@ MODULE_LICENSE("GPL");
+ MODULE_ALIAS("wmi:95F24279-4D7B-4334-9387-ACCDC67EF61C");
+ MODULE_ALIAS("wmi:5FB7F034-2C63-45e9-BE91-3D44E2C707E4");
+
++static int enable_tablet_mode_sw = -1;
++module_param(enable_tablet_mode_sw, int, 0444);
++MODULE_PARM_DESC(enable_tablet_mode_sw, "Enable SW_TABLET_MODE reporting (-1=auto, 0=no, 1=yes)");
++
+ #define HPWMI_EVENT_GUID "95F24279-4D7B-4334-9387-ACCDC67EF61C"
+ #define HPWMI_BIOS_GUID "5FB7F034-2C63-45e9-BE91-3D44E2C707E4"
+
+@@ -656,10 +660,12 @@ static int __init hp_wmi_input_setup(void)
+ }
+
+ /* Tablet mode */
+- val = hp_wmi_hw_state(HPWMI_TABLET_MASK);
+- if (!(val < 0)) {
+- __set_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit);
+- input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, val);
++ if (enable_tablet_mode_sw > 0) {
++ val = hp_wmi_hw_state(HPWMI_TABLET_MASK);
++ if (val >= 0) {
++ __set_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit);
++ input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, val);
++ }
+ }
+
+ err = sparse_keymap_setup(hp_wmi_input_dev, hp_wmi_keymap, NULL);
+--
+2.27.0
+
tracing-check-length-before-giving-out-the-filter-buffer.patch
arm-xen-don-t-probe-xenbus-as-part-of-an-early-initcall.patch
mips-bmips-fix-section-mismatch-warning.patch
+arm64-dts-rockchip-fix-pcie-dt-properties-on-rk3399.patch
+platform-x86-hp-wmi-disable-tablet-mode-reporting-by.patch
+ovl-perform-vfs_getxattr-with-mounter-creds.patch
+cap-fix-conversions-on-getxattr.patch
+ovl-skip-getxattr-of-security-labels.patch
+arm-dts-lpc32xx-revert-set-default-clock-rate-of-hcl.patch
+arm-ensure-the-signal-page-contains-defined-contents.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
