--- /dev/null
+From 8550852f1015e51d7c6d35fc74239170201bc2ab Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 5 May 2020 06:44:43 +0900
+Subject: ath9k_htc: Silence undersized packet warnings
+
+From: Masashi Honma <masashi.honma@gmail.com>
+
+[ Upstream commit 450edd2805982d14ed79733a82927d2857b27cac ]
+
+Some devices like TP-Link TL-WN722N produces this kind of messages
+frequently.
+
+kernel: ath: phy0: Short RX data len, dropping (dlen: 4)
+
+This warning is useful for developers to recognize that the device
+(Wi-Fi dongle or USB hub etc) is noisy but not for general users. So
+this patch make this warning to debug message.
+
+Reported-By: Denis <pro.denis@protonmail.com>
+Ref: https://bugzilla.kernel.org/show_bug.cgi?id=207539
+Fixes: cd486e627e67 ("ath9k_htc: Discard undersized packets")
+Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Link: https://lore.kernel.org/r/20200504214443.4485-1-masashi.honma@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
+index 4748f557c753..11d06021b5e4 100644
+--- a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
++++ b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
+@@ -999,9 +999,9 @@ static bool ath9k_rx_prepare(struct ath9k_htc_priv *priv,
+ * which are not PHY_ERROR (short radar pulses have a length of 3)
+ */
+ if (unlikely(!rs_datalen || (rs_datalen < 10 && !is_phyerr))) {
+- ath_warn(common,
+- "Short RX data len, dropping (dlen: %d)\n",
+- rs_datalen);
++ ath_dbg(common, ANY,
++ "Short RX data len, dropping (dlen: %d)\n",
++ rs_datalen);
+ goto rx_next;
+ }
+
+--
+2.25.1
+
--- /dev/null
+From 002105f4d71ff66e6660a7a6cbc147f3857bbdf5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 4 Jun 2020 16:48:21 -0700
+Subject: mm: add kvfree_sensitive() for freeing sensitive data objects
+
+From: Waiman Long <longman@redhat.com>
+
+[ Upstream commit d4eaa2837851db2bfed572898bfc17f9a9f9151e ]
+
+For kvmalloc'ed data object that contains sensitive information like
+cryptographic keys, we need to make sure that the buffer is always cleared
+before freeing it. Using memset() alone for buffer clearing may not
+provide certainty as the compiler may compile it away. To be sure, the
+special memzero_explicit() has to be used.
+
+This patch introduces a new kvfree_sensitive() for freeing those sensitive
+data objects allocated by kvmalloc(). The relevant places where
+kvfree_sensitive() can be used are modified to use it.
+
+Fixes: 4f0882491a14 ("KEYS: Avoid false positive ENOMEM error on key read")
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Waiman Long <longman@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Reviewed-by: Eric Biggers <ebiggers@google.com>
+Acked-by: David Howells <dhowells@redhat.com>
+Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Cc: James Morris <jmorris@namei.org>
+Cc: "Serge E. Hallyn" <serge@hallyn.com>
+Cc: Joe Perches <joe@perches.com>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: David Rientjes <rientjes@google.com>
+Cc: Uladzislau Rezki <urezki@gmail.com>
+Link: http://lkml.kernel.org/r/20200407200318.11711-1-longman@redhat.com
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/mm.h | 1 +
+ mm/util.c | 18 ++++++++++++++++++
+ security/keys/internal.h | 11 -----------
+ security/keys/keyctl.c | 16 +++++-----------
+ 4 files changed, 24 insertions(+), 22 deletions(-)
+
+diff --git a/include/linux/mm.h b/include/linux/mm.h
+index 6f852d5fbada..156940758fc5 100644
+--- a/include/linux/mm.h
++++ b/include/linux/mm.h
+@@ -548,6 +548,7 @@ static inline void *kvmalloc_array(size_t n, size_t size, gfp_t flags)
+ }
+
+ extern void kvfree(const void *addr);
++extern void kvfree_sensitive(const void *addr, size_t len);
+
+ /*
+ * Mapcount of compound page as a whole, does not include mapped sub-pages.
+diff --git a/mm/util.c b/mm/util.c
+index 842ba5fb662e..f0d773c719a1 100644
+--- a/mm/util.c
++++ b/mm/util.c
+@@ -417,6 +417,24 @@ void kvfree(const void *addr)
+ }
+ EXPORT_SYMBOL(kvfree);
+
++/**
++ * kvfree_sensitive - Free a data object containing sensitive information.
++ * @addr: address of the data object to be freed.
++ * @len: length of the data object.
++ *
++ * Use the special memzero_explicit() function to clear the content of a
++ * kvmalloc'ed object containing sensitive data to make sure that the
++ * compiler won't optimize out the data clearing.
++ */
++void kvfree_sensitive(const void *addr, size_t len)
++{
++ if (likely(!ZERO_OR_NULL_PTR(addr))) {
++ memzero_explicit((void *)addr, len);
++ kvfree(addr);
++ }
++}
++EXPORT_SYMBOL(kvfree_sensitive);
++
+ static inline void *__page_rmapping(struct page *page)
+ {
+ unsigned long mapping;
+diff --git a/security/keys/internal.h b/security/keys/internal.h
+index 124273e500cf..d479ca71137e 100644
+--- a/security/keys/internal.h
++++ b/security/keys/internal.h
+@@ -306,15 +306,4 @@ static inline void key_check(const struct key *key)
+ #define key_check(key) do {} while(0)
+
+ #endif
+-
+-/*
+- * Helper function to clear and free a kvmalloc'ed memory object.
+- */
+-static inline void __kvzfree(const void *addr, size_t len)
+-{
+- if (addr) {
+- memset((void *)addr, 0, len);
+- kvfree(addr);
+- }
+-}
+ #endif /* _INTERNAL_H */
+diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
+index c07c2e2b2478..9394d72a77e8 100644
+--- a/security/keys/keyctl.c
++++ b/security/keys/keyctl.c
+@@ -133,10 +133,7 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type,
+
+ key_ref_put(keyring_ref);
+ error3:
+- if (payload) {
+- memzero_explicit(payload, plen);
+- kvfree(payload);
+- }
++ kvfree_sensitive(payload, plen);
+ error2:
+ kfree(description);
+ error:
+@@ -351,7 +348,7 @@ long keyctl_update_key(key_serial_t id,
+
+ key_ref_put(key_ref);
+ error2:
+- __kvzfree(payload, plen);
++ kvfree_sensitive(payload, plen);
+ error:
+ return ret;
+ }
+@@ -859,7 +856,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
+ */
+ if (ret > key_data_len) {
+ if (unlikely(key_data))
+- __kvzfree(key_data, key_data_len);
++ kvfree_sensitive(key_data, key_data_len);
+ key_data_len = ret;
+ continue; /* Allocate buffer */
+ }
+@@ -868,7 +865,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
+ ret = -EFAULT;
+ break;
+ }
+- __kvzfree(key_data, key_data_len);
++ kvfree_sensitive(key_data, key_data_len);
+
+ key_put_out:
+ key_put(key);
+@@ -1170,10 +1167,7 @@ long keyctl_instantiate_key_common(key_serial_t id,
+ keyctl_change_reqkey_auth(NULL);
+
+ error2:
+- if (payload) {
+- memzero_explicit(payload, plen);
+- kvfree(payload);
+- }
++ kvfree_sensitive(payload, plen);
+ error:
+ return ret;
+ }
+--
+2.25.1
+
--- /dev/null
+From 6d55d005ac84c5ed73c63f23cc41aa8484707123 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 6 May 2020 23:29:12 +0900
+Subject: perf probe: Accept the instance number of kretprobe event
+
+From: Masami Hiramatsu <mhiramat@kernel.org>
+
+[ Upstream commit c6aab66a728b6518772c74bd9dff66e1a1c652fd ]
+
+Since the commit 6a13a0d7b4d1 ("ftrace/kprobe: Show the maxactive number
+on kprobe_events") introduced to show the instance number of kretprobe
+events, the length of the 1st format of the kprobe event will not 1, but
+it can be longer. This caused a parser error in perf-probe.
+
+Skip the length check the 1st format of the kprobe event to accept this
+instance number.
+
+Without this fix:
+
+ # perf probe -a vfs_read%return
+ Added new event:
+ probe:vfs_read__return (on vfs_read%return)
+
+ You can now use it in all perf tools, such as:
+
+ perf record -e probe:vfs_read__return -aR sleep 1
+
+ # perf probe -l
+ Semantic error :Failed to parse event name: r16:probe/vfs_read__return
+ Error: Failed to show event list.
+
+And with this fixes:
+
+ # perf probe -a vfs_read%return
+ ...
+ # perf probe -l
+ probe:vfs_read__return (on vfs_read%return)
+
+Fixes: 6a13a0d7b4d1 ("ftrace/kprobe: Show the maxactive number on kprobe_events")
+Reported-by: Yuxuan Shui <yshuiv7@gmail.com>
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Tested-by: Yuxuan Shui <yshuiv7@gmail.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: stable@vger.kernel.org
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=207587
+Link: http://lore.kernel.org/lkml/158877535215.26469.1113127926699134067.stgit@devnote2
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/util/probe-event.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/tools/perf/util/probe-event.c b/tools/perf/util/probe-event.c
+index 6670e12a2bb3..6062ae817ff7 100644
+--- a/tools/perf/util/probe-event.c
++++ b/tools/perf/util/probe-event.c
+@@ -1762,8 +1762,7 @@ int parse_probe_trace_command(const char *cmd, struct probe_trace_event *tev)
+ fmt1_str = strtok_r(argv0_str, ":", &fmt);
+ fmt2_str = strtok_r(NULL, "/", &fmt);
+ fmt3_str = strtok_r(NULL, " \t", &fmt);
+- if (fmt1_str == NULL || strlen(fmt1_str) != 1 || fmt2_str == NULL
+- || fmt3_str == NULL) {
++ if (fmt1_str == NULL || fmt2_str == NULL || fmt3_str == NULL) {
+ semantic_error("Failed to parse event name: %s\n", argv[0]);
+ ret = -EINVAL;
+ goto out;
+--
+2.25.1
+
--- /dev/null
+From 81ed5232d51593559c9260d58970dfd09435dd81 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 29 Apr 2020 09:51:20 +0200
+Subject: powerpc/xive: Clear the page tables for the ESB IO mapping
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Cédric Le Goater <clg@kaod.org>
+
+[ Upstream commit a101950fcb78b0ba20cd487be6627dea58d55c2b ]
+
+Commit 1ca3dec2b2df ("powerpc/xive: Prevent page fault issues in the
+machine crash handler") fixed an issue in the FW assisted dump of
+machines using hash MMU and the XIVE interrupt mode under the POWER
+hypervisor. It forced the mapping of the ESB page of interrupts being
+mapped in the Linux IRQ number space to make sure the 'crash kexec'
+sequence worked during such an event. But it didn't handle the
+un-mapping.
+
+This mapping is now blocking the removal of a passthrough IO adapter
+under the POWER hypervisor because it expects the guest OS to have
+cleared all page table entries related to the adapter. If some are
+still present, the RTAS call which isolates the PCI slot returns error
+9001 "valid outstanding translations".
+
+Remove these mapping in the IRQ data cleanup routine.
+
+Under KVM, this cleanup is not required because the ESB pages for the
+adapter interrupts are un-mapped from the guest by the hypervisor in
+the KVM XIVE native device. This is now redundant but it's harmless.
+
+Fixes: 1ca3dec2b2df ("powerpc/xive: Prevent page fault issues in the machine crash handler")
+Cc: stable@vger.kernel.org # v5.5+
+Signed-off-by: Cédric Le Goater <clg@kaod.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20200429075122.1216388-2-clg@kaod.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/sysdev/xive/common.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/arch/powerpc/sysdev/xive/common.c b/arch/powerpc/sysdev/xive/common.c
+index b7ae5a027714..f8181c8af32d 100644
+--- a/arch/powerpc/sysdev/xive/common.c
++++ b/arch/powerpc/sysdev/xive/common.c
+@@ -23,6 +23,7 @@
+ #include <linux/slab.h>
+ #include <linux/spinlock.h>
+ #include <linux/msi.h>
++#include <linux/vmalloc.h>
+
+ #include <asm/prom.h>
+ #include <asm/io.h>
+@@ -932,12 +933,16 @@ EXPORT_SYMBOL_GPL(is_xive_irq);
+ void xive_cleanup_irq_data(struct xive_irq_data *xd)
+ {
+ if (xd->eoi_mmio) {
++ unmap_kernel_range((unsigned long)xd->eoi_mmio,
++ 1u << xd->esb_shift);
+ iounmap(xd->eoi_mmio);
+ if (xd->eoi_mmio == xd->trig_mmio)
+ xd->trig_mmio = NULL;
+ xd->eoi_mmio = NULL;
+ }
+ if (xd->trig_mmio) {
++ unmap_kernel_range((unsigned long)xd->trig_mmio,
++ 1u << xd->esb_shift);
+ iounmap(xd->trig_mmio);
+ xd->trig_mmio = NULL;
+ }
+--
+2.25.1
+
sched-fair-don-t-numa-balance-for-kthreads.patch
input-synaptics-add-a-second-working-pnp_id-for-leno.patch
drivers-net-ibmvnic-update-vnic-protocol-version-rep.patch
+powerpc-xive-clear-the-page-tables-for-the-esb-io-ma.patch
+ath9k_htc-silence-undersized-packet-warnings.patch
+perf-probe-accept-the-instance-number-of-kretprobe-e.patch
+mm-add-kvfree_sensitive-for-freeing-sensitive-data-o.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
