From: Greg Kroah-Hartman Date: Mon, 24 Sep 2018 11:12:03 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v3.18.123~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0ed4a2800ef95627cff41f112ee9b7b803d294fd;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: drivers-net-cpsw-fix-segfault-in-case-of-bad-phy-handle.patch mei-bus-type-promotion-bug-in-mei_nfc_if_version.patch mips-vdso-drop-gic_get_usm_range-usage.patch mips-vdso-match-data-page-cache-colouring-when-d-aliases.patch --- diff --git a/queue-4.4/drivers-net-cpsw-fix-segfault-in-case-of-bad-phy-handle.patch b/queue-4.4/drivers-net-cpsw-fix-segfault-in-case-of-bad-phy-handle.patch new file mode 100644 index 00000000000..2e68d859f45 --- /dev/null +++ b/queue-4.4/drivers-net-cpsw-fix-segfault-in-case-of-bad-phy-handle.patch 
@@ -0,0 +1,82 @@ +From d733f7542ad47cf73e033c90cf55158587e1d060 Mon Sep 17 00:00:00 2001 +From: David Rivshin +Date: Wed, 27 Apr 2016 21:32:31 -0400 +Subject: drivers: net: cpsw: fix segfault in case of bad phy-handle + +From: David Rivshin + +commit d733f7542ad47cf73e033c90cf55158587e1d060 upstream. + +If an emac node has a phy-handle property that points to something +which is not a phy, then a segmentation fault will occur when the +interface is brought up. This is because while phy_connect() will +return ERR_PTR() on failure, of_phy_connect() will return NULL. +The common error check uses IS_ERR(), and so missed when +of_phy_connect() fails. The NULL pointer is then dereferenced. + +Also, the common error message referenced slave->data->phy_id, +which would be empty in the case of phy-handle. Instead, use the +name of the device_node as a useful identifier. And in the phy_id +case add the error code for completeness. + +Fixes: 9e42f715264f ("drivers: net: cpsw: add phy-handle parsing") +Signed-off-by: David Rivshin +Signed-off-by: David S. 
Miller +[SZ Lin (林上智): Tweak the patch to use original print function of dev_info()] +Signed-off-by: SZ Lin (林上智) +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/ti/cpsw.c | 37 +++++++++++++++++++++++-------------- + 1 file changed, 23 insertions(+), 14 deletions(-) + +--- a/drivers/net/ethernet/ti/cpsw.c ++++ b/drivers/net/ethernet/ti/cpsw.c +@@ -1164,25 +1164,34 @@ static void cpsw_slave_open(struct cpsw_ + cpsw_ale_add_mcast(priv->ale, priv->ndev->broadcast, + 1 << slave_port, 0, 0, ALE_MCAST_FWD_2); + +- if (slave->data->phy_node) ++ if (slave->data->phy_node) { + slave->phy = of_phy_connect(priv->ndev, slave->data->phy_node, + &cpsw_adjust_link, 0, slave->data->phy_if); +- else ++ if (!slave->phy) { ++ dev_err(priv->dev, "phy \"%s\" not found on slave %d\n", ++ slave->data->phy_node->full_name, ++ slave->slave_num); ++ return; ++ } ++ } else { + slave->phy = phy_connect(priv->ndev, slave->data->phy_id, + &cpsw_adjust_link, slave->data->phy_if); +- if (IS_ERR(slave->phy)) { +- dev_err(priv->dev, "phy %s not found on slave %d\n", +- slave->data->phy_id, slave->slave_num); +- slave->phy = NULL; +- } else { +- dev_info(priv->dev, "phy found : id is : 0x%x\n", +- slave->phy->phy_id); +- phy_start(slave->phy); +- +- /* Configure GMII_SEL register */ +- cpsw_phy_sel(&priv->pdev->dev, slave->phy->interface, +- slave->slave_num); ++ if (IS_ERR(slave->phy)) { ++ dev_err(priv->dev, ++ "phy \"%s\" not found on slave %d, err %ld\n", ++ slave->data->phy_id, slave->slave_num, ++ PTR_ERR(slave->phy)); ++ slave->phy = NULL; ++ return; ++ } + } ++ ++ dev_info(priv->dev, "phy found : id is : 0x%x\n", slave->phy->phy_id); ++ ++ phy_start(slave->phy); ++ ++ /* Configure GMII_SEL register */ ++ cpsw_phy_sel(&priv->pdev->dev, slave->phy->interface, slave->slave_num); + } + + static inline void cpsw_add_default_vlan(struct cpsw_priv *priv) 
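Review bot: The two branches of cpsw_slave_open() now detect failure differently, `!slave->phy` after of_phy_connect() and `IS_ERR(slave->phy)` after phy_connect(), and nothing in the code says why. A later cleanup could fold them back into a single IS_ERR() check and reintroduce the NULL dereference the commit message describes. A short comment above the first check would pin the reason, e.g. `/* of_phy_connect() returns NULL on failure, phy_connect() returns ERR_PTR() */`. The function still returns `void`, so both early returns leave the interface open with `slave->phy == NULL` and only a log line; any use of `slave->phy` outside this hunk presumably has to tolerate NULL, which is worth confirming in the 4.4 tree. The start of the function lies outside the hunk.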
diff --git a/queue-4.4/mei-bus-type-promotion-bug-in-mei_nfc_if_version.patch b/queue-4.4/mei-bus-type-promotion-bug-in-mei_nfc_if_version.patch new file mode 100644 index 00000000000..a327627e43c --- /dev/null +++ b/queue-4.4/mei-bus-type-promotion-bug-in-mei_nfc_if_version.patch @@ -0,0 +1,37 @@ +From b40b3e9358fbafff6a4ba0f4b9658f6617146f9c Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 11 Jul 2018 15:29:31 +0300 +Subject: mei: bus: type promotion bug in mei_nfc_if_version() + +From: Dan Carpenter + +commit b40b3e9358fbafff6a4ba0f4b9658f6617146f9c upstream. + +We accidentally removed the check for negative returns +without considering the issue of type promotion. +The "if_version_length" variable is type size_t so if __mei_cl_recv() +returns a negative then "bytes_recv" is type promoted +to a high positive value and treated as success. + +Cc: +Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") +Signed-off-by: Dan Carpenter +Signed-off-by: Tomas Winkler +Signed-off-by: Greg Kroah-Hartman + + +--- + drivers/misc/mei/bus-fixup.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/misc/mei/bus-fixup.c ++++ b/drivers/misc/mei/bus-fixup.c +@@ -151,7 +151,7 @@ static int mei_nfc_if_version(struct mei + + ret = 0; + bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length); +- if (bytes_recv < if_version_length) { ++ if (bytes_recv < 0 || bytes_recv < if_version_length) { + dev_err(bus->dev, "Could not read IF version\n"); + ret = -EIO; + goto err; diff --git a/queue-4.4/mips-vdso-drop-gic_get_usm_range-usage.patch b/queue-4.4/mips-vdso-drop-gic_get_usm_range-usage.patch new file mode 100644 index 00000000000..fdde949070f --- /dev/null +++ b/queue-4.4/mips-vdso-drop-gic_get_usm_range-usage.patch 
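Review bot: In `bytes_recv < 0 || bytes_recv < if_version_length` the second comparison still mixes a signed value with a size_t and is correct only because the first test short-circuits. Making the conversion explicit, `if (bytes_recv < 0 || (size_t)bytes_recv < if_version_length) {`, keeps the intent visible and avoids sign-compare warnings. The declaration of bytes_recv is outside the hunk, so its signedness is taken from the commit message. The branch also replaces whatever negative code __mei_cl_recv() returned with -EIO; including bytes_recv in the dev_err() text would preserve the cause for whoever reads the log.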
@@ -0,0 +1,84 @@ +From 00578cd864d45ae4b8fa3f684f8d6f783dd8d15d Mon Sep 17 00:00:00 2001 +From: Paul Burton +Date: Sat, 12 Aug 2017 21:36:30 -0700 +Subject: MIPS: VDSO: Drop gic_get_usm_range() usage + +From: Paul Burton + +commit 00578cd864d45ae4b8fa3f684f8d6f783dd8d15d upstream. + +We don't really need gic_get_usm_range() to abstract discovery of the +address of the GIC user-visible section now that we have access to its +base address globally. + +Switch to calculating it ourselves, which will allow us to stop +requiring the irqchip driver to care about a counter exposed to userland +for use via the VDSO. + +Signed-off-by: Paul Burton +Cc: Jason Cooper +Cc: Marc Zyngier +Cc: Thomas Gleixner +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/17040/ +Signed-off-by: Ralf Baechle +Signed-off-by: SZ Lin (林上智) +Signed-off-by: Greg Kroah-Hartman +--- + arch/mips/kernel/vdso.c | 15 +++++---------- + 1 file changed, 5 insertions(+), 10 deletions(-) + +--- a/arch/mips/kernel/vdso.c ++++ b/arch/mips/kernel/vdso.c +@@ -13,7 +13,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -21,6 +20,7 @@ + #include + + #include ++#include + #include + #include + +@@ -101,9 +101,8 @@ int arch_setup_additional_pages(struct l + { + struct mips_vdso_image *image = current->thread.abi->vdso; + struct mm_struct *mm = current->mm; +- unsigned long gic_size, vvar_size, size, base, data_addr, vdso_addr; ++ unsigned long gic_size, vvar_size, size, base, data_addr, vdso_addr, gic_pfn; + struct vm_area_struct *vma; +- struct resource gic_res; + int ret; + + down_write(&mm->mmap_sem); +@@ -116,7 +115,7 @@ int arch_setup_additional_pages(struct l + * only map a page even though the total area is 64K, as we only need + * the counter registers at the start. + */ +- gic_size = gic_present ? PAGE_SIZE : 0; ++ gic_size = mips_gic_present() ? 
PAGE_SIZE : 0; + vvar_size = gic_size + PAGE_SIZE; + size = vvar_size + image->size; + +@@ -157,13 +156,9 @@ int arch_setup_additional_pages(struct l + + /* Map GIC user page. */ + if (gic_size) { +- ret = gic_get_usm_range(&gic_res); +- if (ret) +- goto out; ++ gic_pfn = virt_to_phys(mips_gic_base + MIPS_GIC_USER_OFS) >> PAGE_SHIFT; + +- ret = io_remap_pfn_range(vma, base, +- gic_res.start >> PAGE_SHIFT, +- gic_size, ++ ret = io_remap_pfn_range(vma, base, gic_pfn, gic_size, + pgprot_noncached(PAGE_READONLY)); + if (ret) + goto out; diff --git a/queue-4.4/mips-vdso-match-data-page-cache-colouring-when-d-aliases.patch b/queue-4.4/mips-vdso-match-data-page-cache-colouring-when-d-aliases.patch new file mode 100644 index 00000000000..71fe23318ab --- /dev/null +++ b/queue-4.4/mips-vdso-match-data-page-cache-colouring-when-d-aliases.patch 
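Review bot: `virt_to_phys(mips_gic_base + MIPS_GIC_USER_OFS)` is a valid translation only if mips_gic_base is an address in an unmapped (linear) kernel segment, and its definition is not in this hunk. If it comes from ioremap() on a platform where that yields a TLB-mapped address, gic_pfn would name an unrelated physical page, which io_remap_pfn_range() then maps read-only into user address space. The removed code took the physical address from a resource (`gic_res.start`) and had a failure path; the new line has neither. I would either derive the PFN from the GIC's physical base or state the assumption next to the computation, e.g. `/* relies on mips_gic_base being an unmapped-segment address so virt_to_phys() holds */`. The include lines on this page have lost their header names, so it is also worth confirming that the 4.4 tree provides mips_gic_present(), mips_gic_base and MIPS_GIC_USER_OFS.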
@@ -0,0 +1,90 @@ +From 0f02cfbc3d9e413d450d8d0fd660077c23f67eff Mon Sep 17 00:00:00 2001 +From: Paul Burton +Date: Thu, 30 Aug 2018 11:01:21 -0700 +Subject: MIPS: VDSO: Match data page cache colouring when D$ aliases + +From: Paul Burton + +commit 0f02cfbc3d9e413d450d8d0fd660077c23f67eff upstream. + +When a system suffers from dcache aliasing a user program may observe +stale VDSO data from an aliased cache line. Notably this can break the +expectation that clock_gettime(CLOCK_MONOTONIC, ...) is, as its name +suggests, monotonic. + +In order to ensure that users observe updates to the VDSO data page as +intended, align the user mappings of the VDSO data page such that their +cache colouring matches that of the virtual address range which the +kernel will use to update the data page - typically its unmapped address +within kseg0. + +This ensures that we don't introduce aliasing cache lines for the VDSO +data page, and therefore that userland will observe updates without +requiring cache invalidation. + +Signed-off-by: Paul Burton +Reported-by: Hauke Mehrtens +Reported-by: Rene Nielsen +Reported-by: Alexandre Belloni +Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") +Patchwork: https://patchwork.linux-mips.org/patch/20344/ +Tested-by: Alexandre Belloni +Tested-by: Hauke Mehrtens +Cc: James Hogan +Cc: linux-mips@linux-mips.org +Cc: stable@vger.kernel.org # v4.4+ +Signed-off-by: Greg Kroah-Hartman + + +--- + arch/mips/kernel/vdso.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +--- a/arch/mips/kernel/vdso.c ++++ b/arch/mips/kernel/vdso.c +@@ -14,12 +14,14 @@ + #include + #include + #include ++#include + #include + #include + #include + #include + + #include ++#include + #include + + /* Kernel-provided data used by the VDSO. 
*/ +@@ -118,12 +120,30 @@ int arch_setup_additional_pages(struct l + vvar_size = gic_size + PAGE_SIZE; + size = vvar_size + image->size; + ++ /* ++ * Find a region that's large enough for us to perform the ++ * colour-matching alignment below. ++ */ ++ if (cpu_has_dc_aliases) ++ size += shm_align_mask + 1; ++ + base = get_unmapped_area(NULL, 0, size, 0, 0); + if (IS_ERR_VALUE(base)) { + ret = base; + goto out; + } + ++ /* ++ * If we suffer from dcache aliasing, ensure that the VDSO data page ++ * mapping is coloured the same as the kernel's mapping of that memory. ++ * This ensures that when the kernel updates the VDSO data userland ++ * will observe it without requiring cache invalidations. ++ */ ++ if (cpu_has_dc_aliases) { ++ base = __ALIGN_MASK(base, shm_align_mask); ++ base += ((unsigned long)&vdso_data - gic_size) & shm_align_mask; ++ } ++ + data_addr = base + gic_size; + vdso_addr = data_addr + PAGE_SIZE; + diff --git a/queue-4.4/series b/queue-4.4/series index 6cb0421d788..e9a97f1f74e 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -64,3 +64,7 @@ drm-panel-type-promotion-bug-in-s6e8aa0_read_mtp_id.patch ib-nes-fix-a-compiler-warning.patch pinctrl-qcom-spmi-gpio-fix-pmic_gpio_config_get-to-be-compliant.patch usb-serial-ti_usb_3410_5052-fix-array-underflow-in-completion-handler.patch +mei-bus-type-promotion-bug-in-mei_nfc_if_version.patch +drivers-net-cpsw-fix-segfault-in-case-of-bad-phy-handle.patch +mips-vdso-match-data-page-cache-colouring-when-d-aliases.patch +mips-vdso-drop-gic_get_usm_range-usage.patch
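Review bot: The room reserved by `size += shm_align_mask + 1;` looks smaller than the worst-case displacement applied after get_unmapped_area(). `__ALIGN_MASK(base, shm_align_mask)` can move base up by almost `shm_align_mask + 1`, and the following `base += ... & shm_align_mask` can add almost as much again, so with more than two page colours the mapping could end past the area that was found. Whether the later mapping call then fails or is placed next to another VMA depends on code outside the hunk. Bounding the shift to one alias span would remove the doubt, e.g. `colour = ((unsigned long)&vdso_data - gic_size) & shm_align_mask;` followed by `base = __ALIGN_MASK(base - colour, shm_align_mask) + colour;`. If the current form is kept, a comment explaining why the reservation is sufficient would help the next reader.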