From: Greg Kroah-Hartman Date: Fri, 28 Apr 2023 07:56:12 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v5.15.110~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=06dc9ec2e1714a572211e8624965752883117fec;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: driver-core-don-t-require-dynamic_debug-for-initcall_debug-probe-timing.patch usb-serial-option-add-unisoc-vendor-and-tozed-lt70c-product.patch x86-fpu-prevent-fpu-state-corruption.patch --- diff --git a/queue-5.10/driver-core-don-t-require-dynamic_debug-for-initcall_debug-probe-timing.patch b/queue-5.10/driver-core-don-t-require-dynamic_debug-for-initcall_debug-probe-timing.patch new file mode 100644 index 00000000000..879b5d51165 --- /dev/null +++ b/queue-5.10/driver-core-don-t-require-dynamic_debug-for-initcall_debug-probe-timing.patch @@ -0,0 +1,46 @@ +From e2f06aa885081e1391916367f53bad984714b4db Mon Sep 17 00:00:00 2001 +From: Stephen Boyd +Date: Wed, 12 Apr 2023 15:58:42 -0700 +Subject: driver core: Don't require dynamic_debug for initcall_debug probe timing + +From: Stephen Boyd + +commit e2f06aa885081e1391916367f53bad984714b4db upstream. + +Don't require the use of dynamic debug (or modification of the kernel to +add a #define DEBUG to the top of this file) to get the printk message +about driver probe timing. This printk is only emitted when +initcall_debug is enabled on the kernel commandline, and it isn't +immediately obvious that you have to do something else to debug boot +timing issues related to driver probe. Add a comment too so it doesn't +get converted back to pr_debug(). + +Fixes: eb7fbc9fb118 ("driver core: Add missing '\n' in log messages") +Cc: stable +Cc: Christophe JAILLET +Cc: Brian Norris +Reviewed-by: Brian Norris +Acked-by: Randy Dunlap +Signed-off-by: Stephen Boyd +Link: https://lore.kernel.org/r/20230412225842.3196599-1-swboyd@chromium.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/base/dd.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/drivers/base/dd.c ++++ b/drivers/base/dd.c +@@ -677,7 +677,12 @@ static int really_probe_debug(struct dev + calltime = ktime_get(); + ret = really_probe(dev, drv); + rettime = ktime_get(); +- pr_debug("probe of %s returned %d after %lld usecs\n", ++ /* ++ * Don't change this to pr_debug() because that requires ++ * CONFIG_DYNAMIC_DEBUG and we want a simple 'initcall_debug' on the ++ * kernel commandline to print this all the time at the debug level. ++ */ ++ printk(KERN_DEBUG "probe of %s returned %d after %lld usecs\n", + dev_name(dev), ret, ktime_us_delta(rettime, calltime)); + return ret; + } diff --git a/queue-5.10/series b/queue-5.10/series index be7c5da518a..cbc6d34e377 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -4,3 +4,6 @@ kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch wifi-brcmfmac-slab-out-of-bounds-read-in-brcmf_get_assoc_ies.patch drm-fb-helper-set-x-yres_virtual-in-drm_fb_helper_check_var.patch bluetooth-perform-careful-capability-checks-in-hci_sock_ioctl.patch +x86-fpu-prevent-fpu-state-corruption.patch +usb-serial-option-add-unisoc-vendor-and-tozed-lt70c-product.patch +driver-core-don-t-require-dynamic_debug-for-initcall_debug-probe-timing.patch diff --git a/queue-5.10/usb-serial-option-add-unisoc-vendor-and-tozed-lt70c-product.patch b/queue-5.10/usb-serial-option-add-unisoc-vendor-and-tozed-lt70c-product.patch new file mode 100644 index 00000000000..ae5ef84930f --- /dev/null +++ b/queue-5.10/usb-serial-option-add-unisoc-vendor-and-tozed-lt70c-product.patch @@ -0,0 +1,93 @@ +From a095edfc15f0832e046ae23964e249ef5c95af87 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ar=C4=B1n=C3=A7=20=C3=9CNAL?= +Date: Mon, 17 Apr 2023 18:20:03 +0300 +Subject: USB: serial: option: add UNISOC vendor and TOZED LT70C product +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Arınç ÜNAL + +commit a095edfc15f0832e046ae23964e249ef5c95af87 upstream. + +Add UNISOC vendor ID and TOZED LT70-C modem which is based from UNISOC +SL8563. The modem supports the NCM mode. Interface 0 is used for running +the AT commands. Interface 12 is the ADB interface. + +T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 +D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 +P: Vendor=1782 ProdID=4055 Rev=04.04 +S: Manufacturer=Unisoc Phone +S: Product=Unisoc Phone +S: SerialNumber= +C: #Ifs=14 Cfg#= 1 Atr=c0 MxPwr=500mA +I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0d Prot=00 Driver=cdc_ncm +E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms +I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=01 Driver=cdc_ncm +E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I: If#=10 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I: If#=11 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +E: Ad=08(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I: If#=12 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) +E: Ad=09(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I: If#=13 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +E: Ad=0a(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I: If#= 2 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0d Prot=00 Driver=cdc_ncm +E: Ad=84(I) Atr=03(Int.) MxPS= 16 Ivl=32ms +I: If#= 3 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=01 Driver=cdc_ncm +E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I: If#= 4 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0d Prot=00 Driver=cdc_ncm +E: Ad=86(I) Atr=03(Int.) MxPS= 16 Ivl=32ms +I: If#= 5 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=01 Driver=cdc_ncm +E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I: If#= 6 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0d Prot=00 Driver=cdc_ncm +E: Ad=88(I) Atr=03(Int.) MxPS= 16 Ivl=32ms +I: If#= 7 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=01 Driver=cdc_ncm +E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I: If#= 8 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms +I: If#= 9 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option +E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms +E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms + +Signed-off-by: Arınç ÜNAL +Link: https://lore.kernel.org/r/20230417152003.243248-1-arinc.unal@arinc9.com +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/serial/option.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -595,6 +595,11 @@ static void option_instat_callback(struc + #define SIERRA_VENDOR_ID 0x1199 + #define SIERRA_PRODUCT_EM9191 0x90d3 + ++/* UNISOC (Spreadtrum) products */ ++#define UNISOC_VENDOR_ID 0x1782 ++/* TOZED LT70-C based on UNISOC SL8563 uses UNISOC's vendor ID */ ++#define TOZED_PRODUCT_LT70C 0x4055 ++ + /* Device flags */ + + /* Highest interface number which can be used with NCTRL() and RSVD() */ +@@ -2225,6 +2230,7 @@ static const struct usb_device_id option + { USB_DEVICE_AND_INTERFACE_INFO(OPPO_VENDOR_ID, OPPO_PRODUCT_R11, 0xff, 0xff, 0x30) }, + { USB_DEVICE_AND_INTERFACE_INFO(SIERRA_VENDOR_ID, SIERRA_PRODUCT_EM9191, 0xff, 0xff, 0x30) }, + { USB_DEVICE_AND_INTERFACE_INFO(SIERRA_VENDOR_ID, SIERRA_PRODUCT_EM9191, 0xff, 0, 0) }, ++ { USB_DEVICE_AND_INTERFACE_INFO(UNISOC_VENDOR_ID, TOZED_PRODUCT_LT70C, 0xff, 0, 0) }, + { } /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(usb, option_ids); diff --git a/queue-5.10/x86-fpu-prevent-fpu-state-corruption.patch b/queue-5.10/x86-fpu-prevent-fpu-state-corruption.patch new file mode 100644 index 00000000000..1d49aa7207a --- /dev/null +++ b/queue-5.10/x86-fpu-prevent-fpu-state-corruption.patch @@ -0,0 +1,142 @@ +From 59f5ede3bc0f00eb856425f636dab0c10feb06d8 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Sun, 1 May 2022 21:31:43 +0200 +Subject: x86/fpu: Prevent FPU state corruption + +From: Thomas Gleixner + +commit 59f5ede3bc0f00eb856425f636dab0c10feb06d8 upstream. + +The FPU usage related to task FPU management is either protected by +disabling interrupts (switch_to, return to user) or via fpregs_lock() which +is a wrapper around local_bh_disable(). When kernel code wants to use the +FPU then it has to check whether it is possible by calling irq_fpu_usable(). + +But the condition in irq_fpu_usable() is wrong. It allows FPU to be used +when: + + !in_interrupt() || interrupted_user_mode() || interrupted_kernel_fpu_idle() + +The latter is checking whether some other context already uses FPU in the +kernel, but if that's not the case then it allows FPU to be used +unconditionally even if the calling context interrupted a fpregs_lock() +critical region. If that happens then the FPU state of the interrupted +context becomes corrupted. + +Allow in kernel FPU usage only when no other context has in kernel FPU +usage and either the calling context is not hard interrupt context or the +hard interrupt did not interrupt a local bottomhalf disabled region. + +It's hard to find a proper Fixes tag as the condition was broken in one way +or the other for a very long time and the eager/lazy FPU changes caused a +lot of churn. Picked something remotely connected from the history. + +This survived undetected for quite some time as FPU usage in interrupt +context is rare, but the recent changes to the random code unearthed it at +least on a kernel which had FPU debugging enabled. There is probably a +higher rate of silent corruption as not all issues can be detected by the +FPU debugging code. This will be addressed in a subsequent change. + +Fixes: 5d2bd7009f30 ("x86, fpu: decouple non-lazy/eager fpu restore from xsave") +Reported-by: Filipe Manana +Signed-off-by: Thomas Gleixner +Tested-by: Filipe Manana +Reviewed-by: Borislav Petkov +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20220501193102.588689270@linutronix.de +Signed-off-by: Can Sun +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/fpu/core.c | 67 +++++++++++++++++---------------------------- + 1 file changed, 26 insertions(+), 41 deletions(-) + +--- a/arch/x86/kernel/fpu/core.c ++++ b/arch/x86/kernel/fpu/core.c +@@ -25,17 +25,7 @@ + */ + union fpregs_state init_fpstate __read_mostly; + +-/* +- * Track whether the kernel is using the FPU state +- * currently. +- * +- * This flag is used: +- * +- * - by IRQ context code to potentially use the FPU +- * if it's unused. +- * +- * - to debug kernel_fpu_begin()/end() correctness +- */ ++/* Track in-kernel FPU usage */ + static DEFINE_PER_CPU(bool, in_kernel_fpu); + + /* +@@ -43,42 +33,37 @@ static DEFINE_PER_CPU(bool, in_kernel_fp + */ + DEFINE_PER_CPU(struct fpu *, fpu_fpregs_owner_ctx); + +-static bool kernel_fpu_disabled(void) +-{ +- return this_cpu_read(in_kernel_fpu); +-} +- +-static bool interrupted_kernel_fpu_idle(void) +-{ +- return !kernel_fpu_disabled(); +-} +- +-/* +- * Were we in user mode (or vm86 mode) when we were +- * interrupted? +- * +- * Doing kernel_fpu_begin/end() is ok if we are running +- * in an interrupt context from user mode - we'll just +- * save the FPU state as required. +- */ +-static bool interrupted_user_mode(void) +-{ +- struct pt_regs *regs = get_irq_regs(); +- return regs && user_mode(regs); +-} +- + /* + * Can we use the FPU in kernel mode with the + * whole "kernel_fpu_begin/end()" sequence? +- * +- * It's always ok in process context (ie "not interrupt") +- * but it is sometimes ok even from an irq. + */ + bool irq_fpu_usable(void) + { +- return !in_interrupt() || +- interrupted_user_mode() || +- interrupted_kernel_fpu_idle(); ++ if (WARN_ON_ONCE(in_nmi())) ++ return false; ++ ++ /* In kernel FPU usage already active? */ ++ if (this_cpu_read(in_kernel_fpu)) ++ return false; ++ ++ /* ++ * When not in NMI or hard interrupt context, FPU can be used in: ++ * ++ * - Task context except from within fpregs_lock()'ed critical ++ * regions. ++ * ++ * - Soft interrupt processing context which cannot happen ++ * while in a fpregs_lock()'ed critical region. ++ */ ++ if (!in_irq()) ++ return true; ++ ++ /* ++ * In hard interrupt context it's safe when soft interrupts ++ * are enabled, which means the interrupt did not hit in ++ * a fpregs_lock()'ed critical region. ++ */ ++ return !softirq_count(); + } + EXPORT_SYMBOL(irq_fpu_usable); +