From: Greg Kroah-Hartman Date: Sat, 18 Sep 2021 12:49:10 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v4.4.284~63 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0b8b858bf05ab1cf66bd9a220d6b7a95ee7945b1;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: arm64-sve-use-correct-size-when-reinitialising-sve-state.patch bnx2x-fix-enabling-network-interfaces-without-vfs.patch dm-thin-metadata-fix-use-after-free-in-dm_bm_set_read_only.patch pci-add-amd-gpu-multi-function-power-dependencies.patch pm-base-power-don-t-try-to-use-non-existing-rtc-for-storing-data.patch xen-reset-legacy-rtc-flag-for-pv-domu.patch --- diff --git a/queue-4.19/arm64-sve-use-correct-size-when-reinitialising-sve-state.patch b/queue-4.19/arm64-sve-use-correct-size-when-reinitialising-sve-state.patch new file mode 100644 index 00000000000..d7283b84078 --- /dev/null +++ b/queue-4.19/arm64-sve-use-correct-size-when-reinitialising-sve-state.patch @@ -0,0 +1,45 @@ +From e35ac9d0b56e9efefaeeb84b635ea26c2839ea86 Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Thu, 9 Sep 2021 17:53:56 +0100 +Subject: arm64/sve: Use correct size when reinitialising SVE state + +From: Mark Brown + +commit e35ac9d0b56e9efefaeeb84b635ea26c2839ea86 upstream. + +When we need a buffer for SVE register state we call sve_alloc() to make +sure that one is there. In order to avoid repeated allocations and frees +we keep the buffer around unless we change vector length and just memset() +it to ensure a clean register state. The function that deals with this +takes the task to operate on as an argument, however in the case where we +do a memset() we initialise using the SVE state size for the current task +rather than the task passed as an argument. + +This is only an issue in the case where we are setting the register state +for a task via ptrace and the task being configured has a different vector +length to the task tracing it. In the case where the buffer is larger in +the traced process we will leak old state from the traced process to +itself, in the case where the buffer is smaller in the traced process we +will overflow the buffer and corrupt memory. + +Fixes: bc0ee4760364 ("arm64/sve: Core task context handling") +Cc: # 4.15.x +Signed-off-by: Mark Brown +Link: https://lore.kernel.org/r/20210909165356.10675-1-broonie@kernel.org +Signed-off-by: Catalin Marinas +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/kernel/fpsimd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/kernel/fpsimd.c ++++ b/arch/arm64/kernel/fpsimd.c +@@ -434,7 +434,7 @@ size_t sve_state_size(struct task_struct + void sve_alloc(struct task_struct *task) + { + if (task->thread.sve_state) { +- memset(task->thread.sve_state, 0, sve_state_size(current)); ++ memset(task->thread.sve_state, 0, sve_state_size(task)); + return; + } + diff --git a/queue-4.19/bnx2x-fix-enabling-network-interfaces-without-vfs.patch b/queue-4.19/bnx2x-fix-enabling-network-interfaces-without-vfs.patch new file mode 100644 index 00000000000..c0e2a55f71d --- /dev/null +++ b/queue-4.19/bnx2x-fix-enabling-network-interfaces-without-vfs.patch @@ -0,0 +1,36 @@ +From 52ce14c134a003fee03d8fc57442c05a55b53715 Mon Sep 17 00:00:00 2001 +From: Adrian Bunk +Date: Sun, 12 Sep 2021 22:05:23 +0300 +Subject: bnx2x: Fix enabling network interfaces without VFs + +From: Adrian Bunk + +commit 52ce14c134a003fee03d8fc57442c05a55b53715 upstream. + +This function is called to enable SR-IOV when available, +not enabling interfaces without VFs was a regression. + +Fixes: 65161c35554f ("bnx2x: Fix missing error code in bnx2x_iov_init_one()") +Signed-off-by: Adrian Bunk +Reported-by: YunQiang Su +Tested-by: YunQiang Su +Cc: stable@vger.kernel.org +Acked-by: Shai Malin +Link: https://lore.kernel.org/r/20210912190523.27991-1-bunk@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c +@@ -1245,7 +1245,7 @@ int bnx2x_iov_init_one(struct bnx2x *bp, + + /* SR-IOV capability was enabled but there are no VFs*/ + if (iov->total == 0) { +- err = -EINVAL; ++ err = 0; + goto failed; + } + diff --git a/queue-4.19/dm-thin-metadata-fix-use-after-free-in-dm_bm_set_read_only.patch b/queue-4.19/dm-thin-metadata-fix-use-after-free-in-dm_bm_set_read_only.patch new file mode 100644 index 00000000000..82faaf70ec1 --- /dev/null +++ b/queue-4.19/dm-thin-metadata-fix-use-after-free-in-dm_bm_set_read_only.patch @@ -0,0 +1,111 @@ +From 3a653b205f29b3f9827a01a0c88bfbcb0d169494 Mon Sep 17 00:00:00 2001 +From: Ye Bin +Date: Tue, 1 Sep 2020 14:25:44 +0800 +Subject: dm thin metadata: Fix use-after-free in dm_bm_set_read_only + +From: Ye Bin + +commit 3a653b205f29b3f9827a01a0c88bfbcb0d169494 upstream. + +The following error ocurred when testing disk online/offline: + +[ 301.798344] device-mapper: thin: 253:5: aborting current metadata transaction +[ 301.848441] device-mapper: thin: 253:5: failed to abort metadata transaction +[ 301.849206] Aborting journal on device dm-26-8. +[ 301.850489] EXT4-fs error (device dm-26) in __ext4_new_inode:943: Journal has aborted +[ 301.851095] EXT4-fs (dm-26): Delayed block allocation failed for inode 398742 at logical offset 181 with max blocks 19 with error 30 +[ 301.854476] BUG: KASAN: use-after-free in dm_bm_set_read_only+0x3a/0x40 [dm_persistent_data] + +Reason is: + + metadata_operation_failed + abort_transaction + dm_pool_abort_metadata + __create_persistent_data_objects + r = __open_or_format_metadata + if (r) --> If failed will free pmd->bm but pmd->bm not set NULL + dm_block_manager_destroy(pmd->bm); + set_pool_mode + dm_pool_metadata_read_only(pool->pmd); + dm_bm_set_read_only(pmd->bm); --> use-after-free + +Add checks to see if pmd->bm is NULL in dm_bm_set_read_only and +dm_bm_set_read_write functions. If bm is NULL it means creating the +bm failed and so dm_bm_is_read_only must return true. + +Signed-off-by: Ye Bin +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: xiejingfeng +Signed-off-by: Jeffle Xu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-thin-metadata.c | 2 +- + drivers/md/persistent-data/dm-block-manager.c | 14 ++++++++------ + 2 files changed, 9 insertions(+), 7 deletions(-) + +--- a/drivers/md/dm-thin-metadata.c ++++ b/drivers/md/dm-thin-metadata.c +@@ -901,7 +901,7 @@ int dm_pool_metadata_close(struct dm_poo + return -EBUSY; + } + +- if (!dm_bm_is_read_only(pmd->bm) && !pmd->fail_io) { ++ if (!pmd->fail_io && !dm_bm_is_read_only(pmd->bm)) { + r = __commit_transaction(pmd); + if (r < 0) + DMWARN("%s: __commit_transaction() failed, error = %d", +--- a/drivers/md/persistent-data/dm-block-manager.c ++++ b/drivers/md/persistent-data/dm-block-manager.c +@@ -494,7 +494,7 @@ int dm_bm_write_lock(struct dm_block_man + void *p; + int r; + +- if (bm->read_only) ++ if (dm_bm_is_read_only(bm)) + return -EPERM; + + p = dm_bufio_read(bm->bufio, b, (struct dm_buffer **) result); +@@ -563,7 +563,7 @@ int dm_bm_write_lock_zero(struct dm_bloc + struct buffer_aux *aux; + void *p; + +- if (bm->read_only) ++ if (dm_bm_is_read_only(bm)) + return -EPERM; + + p = dm_bufio_new(bm->bufio, b, (struct dm_buffer **) result); +@@ -603,7 +603,7 @@ EXPORT_SYMBOL_GPL(dm_bm_unlock); + + int dm_bm_flush(struct dm_block_manager *bm) + { +- if (bm->read_only) ++ if (dm_bm_is_read_only(bm)) + return -EPERM; + + return dm_bufio_write_dirty_buffers(bm->bufio); +@@ -617,19 +617,21 @@ void dm_bm_prefetch(struct dm_block_mana + + bool dm_bm_is_read_only(struct dm_block_manager *bm) + { +- return bm->read_only; ++ return (bm ? bm->read_only : true); + } + EXPORT_SYMBOL_GPL(dm_bm_is_read_only); + + void dm_bm_set_read_only(struct dm_block_manager *bm) + { +- bm->read_only = true; ++ if (bm) ++ bm->read_only = true; + } + EXPORT_SYMBOL_GPL(dm_bm_set_read_only); + + void dm_bm_set_read_write(struct dm_block_manager *bm) + { +- bm->read_only = false; ++ if (bm) ++ bm->read_only = false; + } + EXPORT_SYMBOL_GPL(dm_bm_set_read_write); + diff --git a/queue-4.19/pci-add-amd-gpu-multi-function-power-dependencies.patch b/queue-4.19/pci-add-amd-gpu-multi-function-power-dependencies.patch new file mode 100644 index 00000000000..82877416453 --- /dev/null +++ b/queue-4.19/pci-add-amd-gpu-multi-function-power-dependencies.patch @@ -0,0 +1,63 @@ +From 60b78ed088ebe1a872ee1320b6c5ad6ee2c4bd9a Mon Sep 17 00:00:00 2001 +From: Evan Quan +Date: Fri, 3 Sep 2021 14:33:11 +0800 +Subject: PCI: Add AMD GPU multi-function power dependencies + +From: Evan Quan + +commit 60b78ed088ebe1a872ee1320b6c5ad6ee2c4bd9a upstream. + +Some AMD GPUs have built-in USB xHCI and USB Type-C UCSI controllers with +power dependencies between the GPU and the other functions as in +6d2e369f0d4c ("PCI: Add NVIDIA GPU multi-function power dependencies"). + +Add device link support for the AMD integrated USB xHCI and USB Type-C UCSI +controllers. + +Without this, runtime power management, including GPU resume and temp and +fan sensors don't work correctly. + +Reported-at: https://gitlab.freedesktop.org/drm/amd/-/issues/1704 +Link: https://lore.kernel.org/r/20210903063311.3606226-1-evan.quan@amd.com +Signed-off-by: Evan Quan +Signed-off-by: Bjorn Helgaas +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pci/quirks.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -5254,7 +5254,7 @@ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR + PCI_CLASS_MULTIMEDIA_HD_AUDIO, 8, quirk_gpu_hda); + + /* +- * Create device link for NVIDIA GPU with integrated USB xHCI Host ++ * Create device link for GPUs with integrated USB xHCI Host + * controller to VGA. + */ + static void quirk_gpu_usb(struct pci_dev *usb) +@@ -5263,9 +5263,11 @@ static void quirk_gpu_usb(struct pci_dev + } + DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID, + PCI_CLASS_SERIAL_USB, 8, quirk_gpu_usb); ++DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_ATI, PCI_ANY_ID, ++ PCI_CLASS_SERIAL_USB, 8, quirk_gpu_usb); + + /* +- * Create device link for NVIDIA GPU with integrated Type-C UCSI controller ++ * Create device link for GPUs with integrated Type-C UCSI controller + * to VGA. Currently there is no class code defined for UCSI device over PCI + * so using UNKNOWN class for now and it will be updated when UCSI + * over PCI gets a class code. +@@ -5278,6 +5280,9 @@ static void quirk_gpu_usb_typec_ucsi(str + DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID, + PCI_CLASS_SERIAL_UNKNOWN, 8, + quirk_gpu_usb_typec_ucsi); ++DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_ATI, PCI_ANY_ID, ++ PCI_CLASS_SERIAL_UNKNOWN, 8, ++ quirk_gpu_usb_typec_ucsi); + + /* + * Enable the NVIDIA GPU integrated HDA controller if the BIOS left it diff --git a/queue-4.19/pm-base-power-don-t-try-to-use-non-existing-rtc-for-storing-data.patch b/queue-4.19/pm-base-power-don-t-try-to-use-non-existing-rtc-for-storing-data.patch new file mode 100644 index 00000000000..5c1c9d1f053 --- /dev/null +++ b/queue-4.19/pm-base-power-don-t-try-to-use-non-existing-rtc-for-storing-data.patch @@ -0,0 +1,62 @@ +From 0560204b360a332c321124dbc5cdfd3364533a74 Mon Sep 17 00:00:00 2001 +From: Juergen Gross +Date: Fri, 3 Sep 2021 10:49:36 +0200 +Subject: PM: base: power: don't try to use non-existing RTC for storing data + +From: Juergen Gross + +commit 0560204b360a332c321124dbc5cdfd3364533a74 upstream. + +If there is no legacy RTC device, don't try to use it for storing trace +data across suspend/resume. + +Cc: +Signed-off-by: Juergen Gross +Reviewed-by: Rafael J. Wysocki +Link: https://lore.kernel.org/r/20210903084937.19392-2-jgross@suse.com +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman +--- + drivers/base/power/trace.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/drivers/base/power/trace.c ++++ b/drivers/base/power/trace.c +@@ -11,6 +11,7 @@ + #include + #include + #include ++#include + + #include + +@@ -165,6 +166,9 @@ void generate_pm_trace(const void *trace + const char *file = *(const char **)(tracedata + 2); + unsigned int user_hash_value, file_hash_value; + ++ if (!x86_platform.legacy.rtc) ++ return; ++ + user_hash_value = user % USERHASH; + file_hash_value = hash_string(lineno, file, FILEHASH); + set_magic_time(user_hash_value, file_hash_value, dev_hash_value); +@@ -267,6 +271,9 @@ static struct notifier_block pm_trace_nb + + static int early_resume_init(void) + { ++ if (!x86_platform.legacy.rtc) ++ return 0; ++ + hash_value_early_read = read_magic_time(); + register_pm_notifier(&pm_trace_nb); + return 0; +@@ -277,6 +284,9 @@ static int late_resume_init(void) + unsigned int val = hash_value_early_read; + unsigned int user, file, dev; + ++ if (!x86_platform.legacy.rtc) ++ return 0; ++ + user = val % USERHASH; + val = val / USERHASH; + file = val % FILEHASH; diff --git a/queue-4.19/series b/queue-4.19/series index 182cbfea58a..5a74451c770 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -247,3 +247,9 @@ mm-hugetlb-initialize-hugetlb_usage-in-mm_init.patch memcg-enable-accounting-for-pids-in-nested-pid-namespaces.patch platform-chrome-cros_ec_proto-send-command-again-when-timeout-occurs.patch drm-amdgpu-fix-bug_on-assert.patch +dm-thin-metadata-fix-use-after-free-in-dm_bm_set_read_only.patch +xen-reset-legacy-rtc-flag-for-pv-domu.patch +bnx2x-fix-enabling-network-interfaces-without-vfs.patch +arm64-sve-use-correct-size-when-reinitialising-sve-state.patch +pm-base-power-don-t-try-to-use-non-existing-rtc-for-storing-data.patch +pci-add-amd-gpu-multi-function-power-dependencies.patch diff --git a/queue-4.19/xen-reset-legacy-rtc-flag-for-pv-domu.patch b/queue-4.19/xen-reset-legacy-rtc-flag-for-pv-domu.patch new file mode 100644 index 00000000000..7152e0caf39 --- /dev/null +++ b/queue-4.19/xen-reset-legacy-rtc-flag-for-pv-domu.patch @@ -0,0 +1,71 @@ +From f68aa100d815b5b4467fd1c3abbe3b99d65fd028 Mon Sep 17 00:00:00 2001 +From: Juergen Gross +Date: Fri, 3 Sep 2021 10:49:37 +0200 +Subject: xen: reset legacy rtc flag for PV domU + +From: Juergen Gross + +commit f68aa100d815b5b4467fd1c3abbe3b99d65fd028 upstream. + +A Xen PV guest doesn't have a legacy RTC device, so reset the legacy +RTC flag. Otherwise the following WARN splat will occur at boot: + +[ 1.333404] WARNING: CPU: 1 PID: 1 at /home/gross/linux/head/drivers/rtc/rtc-mc146818-lib.c:25 mc146818_get_time+0x1be/0x210 +[ 1.333404] Modules linked in: +[ 1.333404] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 5.14.0-rc7-default+ #282 +[ 1.333404] RIP: e030:mc146818_get_time+0x1be/0x210 +[ 1.333404] Code: c0 64 01 c5 83 fd 45 89 6b 14 7f 06 83 c5 64 89 6b 14 41 83 ec 01 b8 02 00 00 00 44 89 63 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 <0f> 0b 48 c7 c7 30 0e ef 82 4c 89 e6 e8 71 2a 24 00 48 c7 c0 ff ff +[ 1.333404] RSP: e02b:ffffc90040093df8 EFLAGS: 00010002 +[ 1.333404] RAX: 00000000000000ff RBX: ffffc90040093e34 RCX: 0000000000000000 +[ 1.333404] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000d +[ 1.333404] RBP: ffffffff82ef0e30 R08: ffff888005013e60 R09: 0000000000000000 +[ 1.333404] R10: ffffffff82373e9b R11: 0000000000033080 R12: 0000000000000200 +[ 1.333404] R13: 0000000000000000 R14: 0000000000000002 R15: ffffffff82cdc6d4 +[ 1.333404] FS: 0000000000000000(0000) GS:ffff88807d440000(0000) knlGS:0000000000000000 +[ 1.333404] CS: 10000e030 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 1.333404] CR2: 0000000000000000 CR3: 000000000260a000 CR4: 0000000000050660 +[ 1.333404] Call Trace: +[ 1.333404] ? wakeup_sources_sysfs_init+0x30/0x30 +[ 1.333404] ? rdinit_setup+0x2b/0x2b +[ 1.333404] early_resume_init+0x23/0xa4 +[ 1.333404] ? cn_proc_init+0x36/0x36 +[ 1.333404] do_one_initcall+0x3e/0x200 +[ 1.333404] kernel_init_freeable+0x232/0x28e +[ 1.333404] ? rest_init+0xd0/0xd0 +[ 1.333404] kernel_init+0x16/0x120 +[ 1.333404] ret_from_fork+0x1f/0x30 + +Cc: +Fixes: 8d152e7a5c7537 ("x86/rtc: Replace paravirt rtc check with platform legacy quirk") +Signed-off-by: Juergen Gross +Reviewed-by: Boris Ostrovsky +Link: https://lore.kernel.org/r/20210903084937.19392-3-jgross@suse.com +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/xen/enlighten_pv.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/arch/x86/xen/enlighten_pv.c ++++ b/arch/x86/xen/enlighten_pv.c +@@ -1187,6 +1187,11 @@ static void __init xen_dom0_set_legacy_f + x86_platform.legacy.rtc = 1; + } + ++static void __init xen_domu_set_legacy_features(void) ++{ ++ x86_platform.legacy.rtc = 0; ++} ++ + /* First C function to be called on Xen boot */ + asmlinkage __visible void __init xen_start_kernel(void) + { +@@ -1354,6 +1359,8 @@ asmlinkage __visible void __init xen_sta + add_preferred_console("xenboot", 0, NULL); + if (pci_xen) + x86_init.pci.arch_init = pci_xen_init; ++ x86_platform.set_legacy_features = ++ xen_domu_set_legacy_features; + } else { + const struct dom0_vga_console_info *info = + (void *)((char *)xen_start_info +