From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 27 Sep 2021 12:19:56 +0000 (+0200)
Subject: 5.14-stable patches
X-Git-Tag: v5.4.150~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=193286e469d73932b56bbea736030a368f0932ab;p=thirdparty%2Fkernel%2Fstable-queue.git

5.14-stable patches

added patches:
	arm64-add-mte-supported-check-to-thread-switching-and-syscall-entry-exit.patch
	software-node-balance-refcount-for-managed-software-nodes.patch
	usb-serial-cp210x-fix-dropped-characters-with-cp2102.patch
---

diff --git a/queue-5.14/arm64-add-mte-supported-check-to-thread-switching-and-syscall-entry-exit.patch b/queue-5.14/arm64-add-mte-supported-check-to-thread-switching-and-syscall-entry-exit.patch
new file mode 100644
index 00000000000..f019571cdea
--- /dev/null
+++ b/queue-5.14/arm64-add-mte-supported-check-to-thread-switching-and-syscall-entry-exit.patch
@@ -0,0 +1,77 @@
+From 8c8a3b5bd960cd88f7655b5251dc28741e11f139 Mon Sep 17 00:00:00 2001
+From: Peter Collingbourne <pcc@google.com>
+Date: Wed, 15 Sep 2021 12:03:35 -0700
+Subject: arm64: add MTE supported check to thread switching and syscall entry/exit
+
+From: Peter Collingbourne <pcc@google.com>
+
+commit 8c8a3b5bd960cd88f7655b5251dc28741e11f139 upstream.
+
+This lets us avoid doing unnecessary work on hardware that does not
+support MTE, and will allow us to freely use MTE instructions in the
+code called by mte_thread_switch().
+
+Since this would mean that we do a redundant check in
+mte_check_tfsr_el1(), remove it and add two checks now required in its
+callers. This also avoids an unnecessary DSB+ISB sequence on the syscall
+exit path for hardware not supporting MTE.
+
+Fixes: 65812c6921cc ("arm64: mte: Enable async tag check fault")
+Cc: <stable@vger.kernel.org> # 5.13.x
+Signed-off-by: Peter Collingbourne <pcc@google.com>
+Link: https://linux-review.googlesource.com/id/I02fd000d1ef2c86c7d2952a7f099b254ec227a5d
+Link: https://lore.kernel.org/r/20210915190336.398390-1-pcc@google.com
+[catalin.marinas@arm.com: adjust the commit log slightly]
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/include/asm/mte.h |    6 ++++++
+ arch/arm64/kernel/mte.c      |   10 ++++------
+ 2 files changed, 10 insertions(+), 6 deletions(-)
+
+--- a/arch/arm64/include/asm/mte.h
++++ b/arch/arm64/include/asm/mte.h
+@@ -105,11 +105,17 @@ void mte_check_tfsr_el1(void);
+ 
+ static inline void mte_check_tfsr_entry(void)
+ {
++	if (!system_supports_mte())
++		return;
++
+ 	mte_check_tfsr_el1();
+ }
+ 
+ static inline void mte_check_tfsr_exit(void)
+ {
++	if (!system_supports_mte())
++		return;
++
+ 	/*
+ 	 * The asynchronous faults are sync'ed automatically with
+ 	 * TFSR_EL1 on kernel entry but for exit an explicit dsb()
+--- a/arch/arm64/kernel/mte.c
++++ b/arch/arm64/kernel/mte.c
+@@ -173,12 +173,7 @@ bool mte_report_once(void)
+ #ifdef CONFIG_KASAN_HW_TAGS
+ void mte_check_tfsr_el1(void)
+ {
+-	u64 tfsr_el1;
+-
+-	if (!system_supports_mte())
+-		return;
+-
+-	tfsr_el1 = read_sysreg_s(SYS_TFSR_EL1);
++	u64 tfsr_el1 = read_sysreg_s(SYS_TFSR_EL1);
+ 
+ 	if (unlikely(tfsr_el1 & SYS_TFSR_EL1_TF1)) {
+ 		/*
+@@ -221,6 +216,9 @@ void mte_thread_init_user(void)
+ 
+ void mte_thread_switch(struct task_struct *next)
+ {
++	if (!system_supports_mte())
++		return;
++
+ 	/*
+ 	 * Check if an async tag exception occurred at EL1.
+ 	 *
diff --git a/queue-5.14/series b/queue-5.14/series
index af016a9bf8c..e5b54a0d6eb 100644
--- a/queue-5.14/series
+++ b/queue-5.14/series
@@ -152,3 +152,6 @@ edac-dmc520-assign-the-proper-type-to-dimm-edac_mode.patch
 x86-setup-call-early_reserve_memory-earlier.patch
 thermal-drivers-int340x-do-not-set-a-wrong-tcc-offset-on-resume.patch
 irqchip-armada-370-xp-fix-ack-eoi-breakage.patch
+arm64-add-mte-supported-check-to-thread-switching-and-syscall-entry-exit.patch
+usb-serial-cp210x-fix-dropped-characters-with-cp2102.patch
+software-node-balance-refcount-for-managed-software-nodes.patch
diff --git a/queue-5.14/software-node-balance-refcount-for-managed-software-nodes.patch b/queue-5.14/software-node-balance-refcount-for-managed-software-nodes.patch
new file mode 100644
index 00000000000..7e97f435d27
--- /dev/null
+++ b/queue-5.14/software-node-balance-refcount-for-managed-software-nodes.patch
@@ -0,0 +1,85 @@
+From 5aeb05b27f81269a2bf2e15eab9fc0f9a400d3a8 Mon Sep 17 00:00:00 2001
+From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
+Date: Wed, 15 Sep 2021 11:09:39 +0300
+Subject: software node: balance refcount for managed software nodes
+
+From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
+
+commit 5aeb05b27f81269a2bf2e15eab9fc0f9a400d3a8 upstream.
+
+software_node_notify(), on KOBJ_REMOVE drops the refcount twice on managed
+software nodes, thus leading to underflow errors. Balance the refcount by
+bumping it in the device_create_managed_software_node() function.
+
+The error [1] was encountered after adding a .shutdown() op to our
+fsl-mc-bus driver.
+
+[1]
+pc : refcount_warn_saturate+0xf8/0x150
+lr : refcount_warn_saturate+0xf8/0x150
+sp : ffff80001009b920
+x29: ffff80001009b920 x28: ffff1a2420318000 x27: 0000000000000000
+x26: ffffccac15e7a038 x25: 0000000000000008 x24: ffffccac168e0030
+x23: ffff1a2428a82000 x22: 0000000000080000 x21: ffff1a24287b5000
+x20: 0000000000000001 x19: ffff1a24261f4400 x18: ffffffffffffffff
+x17: 6f72645f726f7272 x16: 0000000000000000 x15: ffff80009009b607
+x14: 0000000000000000 x13: ffffccac16602670 x12: 0000000000000a17
+x11: 000000000000035d x10: ffffccac16602670 x9 : ffffccac16602670
+x8 : 00000000ffffefff x7 : ffffccac1665a670 x6 : ffffccac1665a670
+x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000ffffffff
+x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff1a2420318000
+Call trace:
+ refcount_warn_saturate+0xf8/0x150
+ kobject_put+0x10c/0x120
+ software_node_notify+0xd8/0x140
+ device_platform_notify+0x4c/0xb4
+ device_del+0x188/0x424
+ fsl_mc_device_remove+0x2c/0x4c
+ rebofind sp.c__fsl_mc_device_remove+0x14/0x2c
+ device_for_each_child+0x5c/0xac
+ dprc_remove+0x9c/0xc0
+ fsl_mc_driver_remove+0x28/0x64
+ __device_release_driver+0x188/0x22c
+ device_release_driver+0x30/0x50
+ bus_remove_device+0x128/0x134
+ device_del+0x16c/0x424
+ fsl_mc_bus_remove+0x8c/0x114
+ fsl_mc_bus_shutdown+0x14/0x20
+ platform_shutdown+0x28/0x40
+ device_shutdown+0x15c/0x330
+ __do_sys_reboot+0x218/0x2a0
+ __arm64_sys_reboot+0x28/0x34
+ invoke_syscall+0x48/0x114
+ el0_svc_common+0x40/0xdc
+ do_el0_svc+0x2c/0x94
+ el0_svc+0x2c/0x54
+ el0t_64_sync_handler+0xa8/0x12c
+ el0t_64_sync+0x198/0x19c
+---[ end trace 32eb1c71c7d86821 ]---
+
+Fixes: 151f6ff78cdf ("software node: Provide replacement for device_add_properties()")
+Reported-by: Jon Nettleton <jon@solid-run.com>
+Suggested-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
+Cc: 5.12+ <stable@vger.kernel.org> # 5.12+
+[ rjw: Fix up the software_node_notify() invocation ]
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/swnode.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/base/swnode.c
++++ b/drivers/base/swnode.c
+@@ -1113,6 +1113,9 @@ int device_create_managed_software_node(
+ 	to_swnode(fwnode)->managed = true;
+ 	set_secondary_fwnode(dev, fwnode);
+ 
++	if (device_is_registered(dev))
++		software_node_notify(dev, KOBJ_ADD);
++
+ 	return 0;
+ }
+ EXPORT_SYMBOL_GPL(device_create_managed_software_node);
diff --git a/queue-5.14/usb-serial-cp210x-fix-dropped-characters-with-cp2102.patch b/queue-5.14/usb-serial-cp210x-fix-dropped-characters-with-cp2102.patch
new file mode 100644
index 00000000000..f1e32358933
--- /dev/null
+++ b/queue-5.14/usb-serial-cp210x-fix-dropped-characters-with-cp2102.patch
@@ -0,0 +1,113 @@
+From c32dfec6c1c36bbbcd5d33e949d99aeb215877ec Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Wed, 22 Sep 2021 13:30:59 +0200
+Subject: USB: serial: cp210x: fix dropped characters with CP2102
+
+From: Johan Hovold <johan@kernel.org>
+
+commit c32dfec6c1c36bbbcd5d33e949d99aeb215877ec upstream.
+
+Some CP2102 do not support event-insertion mode but return no error when
+attempting to enable it.
+
+This means that any event escape characters in the input stream will not
+be escaped by the device and consequently regular data may be
+interpreted as escape sequences and be removed from the stream by the
+driver.
+
+The reporter's device has batch number DCL00X etched into it and as
+discovered by the SHA2017 Badge team, counterfeit devices with that
+marking can be detected by sending malformed vendor requests. [1][2]
+
+Tests confirm that the possibly counterfeit CP2102 returns a single byte
+in response to a malformed two-byte part-number request, while an
+original CP2102 returns two bytes. Assume that every CP2102 that behaves
+this way also does not support event-insertion mode (e.g. cannot report
+parity errors).
+
+[1] https://mobile.twitter.com/sha2017badge/status/1167902087289532418
+[2] https://hackaday.com/2017/08/14/hands-on-with-the-shacamp-2017-badge/#comment-3903376
+
+Reported-by: Malte Di Donato <malte@neo-soft.org>
+Tested-by: Malte Di Donato <malte@neo-soft.org>
+Fixes: a7207e9835a4 ("USB: serial: cp210x: add support for line-status events")
+Cc: stable@vger.kernel.org	# 5.9
+Link: https://lore.kernel.org/r/20210922113100.20888-1-johan@kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/cp210x.c |   35 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+)
+
+--- a/drivers/usb/serial/cp210x.c
++++ b/drivers/usb/serial/cp210x.c
+@@ -259,6 +259,7 @@ struct cp210x_serial_private {
+ 	speed_t			max_speed;
+ 	bool			use_actual_rate;
+ 	bool			no_flow_control;
++	bool			no_event_mode;
+ };
+ 
+ enum cp210x_event_state {
+@@ -1113,12 +1114,16 @@ static void cp210x_change_speed(struct t
+ 
+ static void cp210x_enable_event_mode(struct usb_serial_port *port)
+ {
++	struct cp210x_serial_private *priv = usb_get_serial_data(port->serial);
+ 	struct cp210x_port_private *port_priv = usb_get_serial_port_data(port);
+ 	int ret;
+ 
+ 	if (port_priv->event_mode)
+ 		return;
+ 
++	if (priv->no_event_mode)
++		return;
++
+ 	port_priv->event_state = ES_DATA;
+ 	port_priv->event_mode = true;
+ 
+@@ -2098,6 +2103,33 @@ static void cp210x_init_max_speed(struct
+ 	priv->use_actual_rate = use_actual_rate;
+ }
+ 
++static void cp2102_determine_quirks(struct usb_serial *serial)
++{
++	struct cp210x_serial_private *priv = usb_get_serial_data(serial);
++	u8 *buf;
++	int ret;
++
++	buf = kmalloc(2, GFP_KERNEL);
++	if (!buf)
++		return;
++	/*
++	 * Some (possibly counterfeit) CP2102 do not support event-insertion
++	 * mode and respond differently to malformed vendor requests.
++	 * Specifically, they return one instead of two bytes when sent a
++	 * two-byte part-number request.
++	 */
++	ret = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0),
++			CP210X_VENDOR_SPECIFIC, REQTYPE_DEVICE_TO_HOST,
++			CP210X_GET_PARTNUM, 0, buf, 2, USB_CTRL_GET_TIMEOUT);
++	if (ret == 1) {
++		dev_dbg(&serial->interface->dev,
++				"device does not support event-insertion mode\n");
++		priv->no_event_mode = true;
++	}
++
++	kfree(buf);
++}
++
+ static int cp210x_get_fw_version(struct usb_serial *serial, u16 value)
+ {
+ 	struct cp210x_serial_private *priv = usb_get_serial_data(serial);
+@@ -2123,6 +2155,9 @@ static void cp210x_determine_quirks(stru
+ 	int ret;
+ 
+ 	switch (priv->partnum) {
++	case CP210X_PARTNUM_CP2102:
++		cp2102_determine_quirks(serial);
++		break;
+ 	case CP210X_PARTNUM_CP2102N_QFN28:
+ 	case CP210X_PARTNUM_CP2102N_QFN24:
+ 	case CP210X_PARTNUM_CP2102N_QFN20: