From: Sasha Levin Date: Thu, 11 Jun 2020 17:42:08 +0000 (-0400) Subject: Fixes for 5.4 X-Git-Tag: v5.4.47~126 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=273cc8e6837e8416982a51cbc9c968f687d3b5af;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/arm-8977-1-ptrace-fix-mask-for-thumb-breakpoint-hook.patch b/queue-5.4/arm-8977-1-ptrace-fix-mask-for-thumb-breakpoint-hook.patch new file mode 100644 index 00000000000..f677b7494ef --- /dev/null +++ b/queue-5.4/arm-8977-1-ptrace-fix-mask-for-thumb-breakpoint-hook.patch @@ -0,0 +1,53 @@ +From c8328f6baa9596cc15bec1f832a97dccd2d14f0d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 18 May 2020 19:41:11 +0100 +Subject: ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook + +From: Fredrik Strupe + +[ Upstream commit 3866f217aaa81bf7165c7f27362eee5d7919c496 ] + +call_undef_hook() in traps.c applies the same instr_mask for both 16-bit +and 32-bit thumb instructions. If instr_mask then is only 16 bits wide +(0xffff as opposed to 0xffffffff), the first half-word of 32-bit thumb +instructions will be masked out. This makes the function match 32-bit +thumb instructions where the second half-word is equal to instr_val, +regardless of the first half-word. + +The result in this case is that all undefined 32-bit thumb instructions +with the second half-word equal to 0xde01 (udf #1) work as breakpoints +and will raise a SIGTRAP instead of a SIGILL, instead of just the one +intended 16-bit instruction. An example of such an instruction is +0xeaa0de01, which is unallocated according to Arm ARM and should raise a +SIGILL, but instead raises a SIGTRAP. + +This patch fixes the issue by setting all the bits in instr_mask, which +will still match the intended 16-bit thumb instruction (where the +upper half is always 0), but not any 32-bit thumb instructions. + +Cc: Oleg Nesterov +Signed-off-by: Fredrik Strupe +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +--- + arch/arm/kernel/ptrace.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c +index 324352787aea..db9401581cd2 100644 +--- a/arch/arm/kernel/ptrace.c ++++ b/arch/arm/kernel/ptrace.c +@@ -219,8 +219,8 @@ static struct undef_hook arm_break_hook = { + }; + + static struct undef_hook thumb_break_hook = { +- .instr_mask = 0xffff, +- .instr_val = 0xde01, ++ .instr_mask = 0xffffffff, ++ .instr_val = 0x0000de01, + .cpsr_mask = PSR_T_BIT, + .cpsr_val = PSR_T_BIT, + .fn = break_trap, +-- +2.25.1 + diff --git a/queue-5.4/csky-fixup-abiv2-syscall_trace-break-a4-a5.patch b/queue-5.4/csky-fixup-abiv2-syscall_trace-break-a4-a5.patch new file mode 100644 index 00000000000..160745a4aa6 --- /dev/null +++ b/queue-5.4/csky-fixup-abiv2-syscall_trace-break-a4-a5.patch @@ -0,0 +1,52 @@ +From f32e68f9e6b109f2cf9e8643cd5107e950c3ff68 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 24 May 2020 10:44:38 +0000 +Subject: csky: Fixup abiv2 syscall_trace break a4 & a5 + +From: Guo Ren + +[ Upstream commit e0bbb53843b5fdfe464b099217e3b9d97e8a75d7 ] + +Current implementation could destory a4 & a5 when strace, so we need to get them +from pt_regs by SAVE_ALL. + +Signed-off-by: Guo Ren +Signed-off-by: Sasha Levin +--- + arch/csky/abiv2/inc/abi/entry.h | 2 ++ + arch/csky/kernel/entry.S | 6 ++++-- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/arch/csky/abiv2/inc/abi/entry.h b/arch/csky/abiv2/inc/abi/entry.h +index 9023828ede97..ac8f65a3e75a 100644 +--- a/arch/csky/abiv2/inc/abi/entry.h ++++ b/arch/csky/abiv2/inc/abi/entry.h +@@ -13,6 +13,8 @@ + #define LSAVE_A1 28 + #define LSAVE_A2 32 + #define LSAVE_A3 36 ++#define LSAVE_A4 40 ++#define LSAVE_A5 44 + + #define KSPTOUSP + #define USPTOKSP +diff --git a/arch/csky/kernel/entry.S b/arch/csky/kernel/entry.S +index 65c55f22532a..4349528fbf38 100644 +--- a/arch/csky/kernel/entry.S ++++ b/arch/csky/kernel/entry.S +@@ -170,8 +170,10 @@ csky_syscall_trace: + ldw a3, (sp, LSAVE_A3) + #if defined(__CSKYABIV2__) + subi sp, 8 +- stw r5, (sp, 0x4) +- stw r4, (sp, 0x0) ++ ldw r9, (sp, LSAVE_A4) ++ stw r9, (sp, 0x0) ++ ldw r9, (sp, LSAVE_A5) ++ stw r9, (sp, 0x4) + #else + ldw r6, (sp, LSAVE_A4) + ldw r7, (sp, LSAVE_A5) +-- +2.25.1 + diff --git a/queue-5.4/drivers-net-ibmvnic-update-vnic-protocol-version-rep.patch b/queue-5.4/drivers-net-ibmvnic-update-vnic-protocol-version-rep.patch new file mode 100644 index 00000000000..b5287fbfa6f --- /dev/null +++ b/queue-5.4/drivers-net-ibmvnic-update-vnic-protocol-version-rep.patch @@ -0,0 +1,43 @@ +From fd6e406653934e780611f3a8ec8a16e49f7fa58a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 May 2020 11:19:17 -0500 +Subject: drivers/net/ibmvnic: Update VNIC protocol version reporting + +From: Thomas Falcon + +[ Upstream commit 784688993ebac34dffe44a9f2fabbe126ebfd4db ] + +VNIC protocol version is reported in big-endian format, but it +is not byteswapped before logging. Fix that, and remove version +comparison as only one protocol version exists at this time. + +Signed-off-by: Thomas Falcon +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/ibm/ibmvnic.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c +index aaa03ce5796f..5a42ddeecfe5 100644 +--- a/drivers/net/ethernet/ibm/ibmvnic.c ++++ b/drivers/net/ethernet/ibm/ibmvnic.c +@@ -4536,12 +4536,10 @@ static void ibmvnic_handle_crq(union ibmvnic_crq *crq, + dev_err(dev, "Error %ld in VERSION_EXCHG_RSP\n", rc); + break; + } +- dev_info(dev, "Partner protocol version is %d\n", +- crq->version_exchange_rsp.version); +- if (be16_to_cpu(crq->version_exchange_rsp.version) < +- ibmvnic_version) +- ibmvnic_version = ++ ibmvnic_version = + be16_to_cpu(crq->version_exchange_rsp.version); ++ dev_info(dev, "Partner protocol version is %d\n", ++ ibmvnic_version); + send_cap_queries(adapter); + break; + case QUERY_CAPABILITY_RSP: +-- +2.25.1 + diff --git a/queue-5.4/gfs2-even-more-gfs2_find_jhead-fixes.patch b/queue-5.4/gfs2-even-more-gfs2_find_jhead-fixes.patch new file mode 100644 index 00000000000..b32ac62c7cb --- /dev/null +++ b/queue-5.4/gfs2-even-more-gfs2_find_jhead-fixes.patch @@ -0,0 +1,91 @@ +From 817d8f8a0afec17c4b21393d435e0df36be52d40 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 26 May 2020 20:11:51 +0200 +Subject: gfs2: Even more gfs2_find_jhead fixes + +From: Andreas Gruenbacher + +[ Upstream commit 20be493b787cd581c9fffad7fcd6bfbe6af1050c ] + +Fix several issues in the previous gfs2_find_jhead fix: +* When updating @blocks_submitted, @block refers to the first block block not + submitted yet, not the last block submitted, so fix an off-by-one error. +* We want to ensure that @blocks_submitted is far enough ahead of @blocks_read + to guarantee that there is in-flight I/O. Otherwise, we'll eventually end up + waiting for pages that haven't been submitted, yet. +* It's much easier to compare the number of blocks added with the number of + blocks submitted to limit the maximum bio size. +* Even with bio chaining, we can keep adding blocks until we reach the maximum + bio size, as long as we stop at a page boundary. This simplifies the logic. + +Signed-off-by: Andreas Gruenbacher +Reviewed-by: Bob Peterson +Signed-off-by: Sasha Levin +--- + fs/gfs2/lops.c | 15 +++++---------- + 1 file changed, 5 insertions(+), 10 deletions(-) + +diff --git a/fs/gfs2/lops.c b/fs/gfs2/lops.c +index 8303b44a5068..d2ed4dc4434c 100644 +--- a/fs/gfs2/lops.c ++++ b/fs/gfs2/lops.c +@@ -504,12 +504,12 @@ int gfs2_find_jhead(struct gfs2_jdesc *jd, struct gfs2_log_header_host *head, + unsigned int bsize = sdp->sd_sb.sb_bsize, off; + unsigned int bsize_shift = sdp->sd_sb.sb_bsize_shift; + unsigned int shift = PAGE_SHIFT - bsize_shift; +- unsigned int max_bio_size = 2 * 1024 * 1024; ++ unsigned int max_blocks = 2 * 1024 * 1024 >> bsize_shift; + struct gfs2_journal_extent *je; + int sz, ret = 0; + struct bio *bio = NULL; + struct page *page = NULL; +- bool bio_chained = false, done = false; ++ bool done = false; + errseq_t since; + + memset(head, 0, sizeof(*head)); +@@ -532,10 +532,7 @@ int gfs2_find_jhead(struct gfs2_jdesc *jd, struct gfs2_log_header_host *head, + off = 0; + } + +- if (!bio || (bio_chained && !off) || +- bio->bi_iter.bi_size >= max_bio_size) { +- /* start new bio */ +- } else { ++ if (bio && (off || block < blocks_submitted + max_blocks)) { + sector_t sector = dblock << sdp->sd_fsb2bb_shift; + + if (bio_end_sector(bio) == sector) { +@@ -548,19 +545,17 @@ int gfs2_find_jhead(struct gfs2_jdesc *jd, struct gfs2_log_header_host *head, + (PAGE_SIZE - off) >> bsize_shift; + + bio = gfs2_chain_bio(bio, blocks); +- bio_chained = true; + goto add_block_to_new_bio; + } + } + + if (bio) { +- blocks_submitted = block + 1; ++ blocks_submitted = block; + submit_bio(bio); + } + + bio = gfs2_log_alloc_bio(sdp, dblock, gfs2_end_log_read); + bio->bi_opf = REQ_OP_READ; +- bio_chained = false; + add_block_to_new_bio: + sz = bio_add_page(bio, page, bsize, off); + BUG_ON(sz != bsize); +@@ -568,7 +563,7 @@ block_added: + off += bsize; + if (off == PAGE_SIZE) + page = NULL; +- if (blocks_submitted < 2 * max_bio_size >> bsize_shift) { ++ if (blocks_submitted <= blocks_read + max_blocks) { + /* Keep at least one bio in flight */ + continue; + } +-- +2.25.1 + diff --git a/queue-5.4/input-mms114-fix-handling-of-mms345l.patch b/queue-5.4/input-mms114-fix-handling-of-mms345l.patch new file mode 100644 index 00000000000..660ff08a765 --- /dev/null +++ b/queue-5.4/input-mms114-fix-handling-of-mms345l.patch @@ -0,0 +1,70 @@ +From 523419024262f4f46b3fe9eaa6f139b0fb406011 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Apr 2020 13:49:03 -0700 +Subject: Input: mms114 - fix handling of mms345l + +From: Stephan Gerhold + +[ Upstream commit 3f8f770575d911c989043d8f0fb8dec96360c41c ] + +MMS345L is another first generation touch screen from Melfas, +which uses the same registers as MMS152. + +However, using I2C_M_NOSTART for it causes errors when reading: + + i2c i2c-0: sendbytes: NAK bailout. + mms114 0-0048: __mms114_read_reg: i2c transfer failed (-5) + +The driver works fine as soon as I2C_M_NOSTART is removed. + +Reviewed-by: Andi Shyti +Signed-off-by: Stephan Gerhold +Link: https://lore.kernel.org/r/20200405170904.61512-1-stephan@gerhold.net +[dtor: removed separate mms345l handling, made everyone use standard +transfer mode, propagated the 10bit addressing flag to the read part of the +transfer as well.] +Signed-off-by: Dmitry Torokhov +Signed-off-by: Sasha Levin +--- + drivers/input/touchscreen/mms114.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/drivers/input/touchscreen/mms114.c b/drivers/input/touchscreen/mms114.c +index a5ab774da4cc..fca908ba4841 100644 +--- a/drivers/input/touchscreen/mms114.c ++++ b/drivers/input/touchscreen/mms114.c +@@ -91,15 +91,15 @@ static int __mms114_read_reg(struct mms114_data *data, unsigned int reg, + if (reg <= MMS114_MODE_CONTROL && reg + len > MMS114_MODE_CONTROL) + BUG(); + +- /* Write register: use repeated start */ ++ /* Write register */ + xfer[0].addr = client->addr; +- xfer[0].flags = I2C_M_TEN | I2C_M_NOSTART; ++ xfer[0].flags = client->flags & I2C_M_TEN; + xfer[0].len = 1; + xfer[0].buf = &buf; + + /* Read data */ + xfer[1].addr = client->addr; +- xfer[1].flags = I2C_M_RD; ++ xfer[1].flags = (client->flags & I2C_M_TEN) | I2C_M_RD; + xfer[1].len = len; + xfer[1].buf = val; + +@@ -428,10 +428,8 @@ static int mms114_probe(struct i2c_client *client, + const void *match_data; + int error; + +- if (!i2c_check_functionality(client->adapter, +- I2C_FUNC_PROTOCOL_MANGLING)) { +- dev_err(&client->dev, +- "Need i2c bus that supports protocol mangling\n"); ++ if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { ++ dev_err(&client->dev, "Not supported I2C adapter\n"); + return -ENODEV; + } + +-- +2.25.1 + diff --git a/queue-5.4/input-synaptics-add-a-second-working-pnp_id-for-leno.patch b/queue-5.4/input-synaptics-add-a-second-working-pnp_id-for-leno.patch new file mode 100644 index 00000000000..12a4ac4c392 --- /dev/null +++ b/queue-5.4/input-synaptics-add-a-second-working-pnp_id-for-leno.patch @@ -0,0 +1,37 @@ +From 9c1100f01d97c7945ad48dfcff0518806fb01230 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 26 May 2020 23:03:13 -0700 +Subject: Input: synaptics - add a second working PNP_ID for Lenovo T470s + +From: Dennis Kadioglu + +[ Upstream commit 642aa86eaf8f1e6fe894f20fd7f12f0db52ee03c ] + +The Lenovo Thinkpad T470s I own has a different touchpad with "LEN007a" +instead of the already included PNP ID "LEN006c". However, my touchpad +seems to work well without any problems using RMI. So this patch adds the +other PNP ID. + +Signed-off-by: Dennis Kadioglu +Link: https://lore.kernel.org/r/ff770543cd53ae818363c0fe86477965@mail.eclipso.de +Signed-off-by: Dmitry Torokhov +Signed-off-by: Sasha Levin +--- + drivers/input/mouse/synaptics.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c +index 4d2036209b45..758dae8d6500 100644 +--- a/drivers/input/mouse/synaptics.c ++++ b/drivers/input/mouse/synaptics.c +@@ -170,6 +170,7 @@ static const char * const smbus_pnp_ids[] = { + "LEN005b", /* P50 */ + "LEN005e", /* T560 */ + "LEN006c", /* T470s */ ++ "LEN007a", /* T470s */ + "LEN0071", /* T480 */ + "LEN0072", /* X1 Carbon Gen 5 (2017) - Elan/ALPS trackpoint */ + "LEN0073", /* X1 Carbon G5 (Elantech) */ +-- +2.25.1 + diff --git a/queue-5.4/sched-fair-don-t-numa-balance-for-kthreads.patch b/queue-5.4/sched-fair-don-t-numa-balance-for-kthreads.patch new file mode 100644 index 00000000000..ab61d03a9d3 --- /dev/null +++ b/queue-5.4/sched-fair-don-t-numa-balance-for-kthreads.patch @@ -0,0 +1,55 @@ +From 99e10114a3604de868419e7fa0961de0b4079a8d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 26 May 2020 09:38:31 -0600 +Subject: sched/fair: Don't NUMA balance for kthreads + +From: Jens Axboe + +[ Upstream commit 18f855e574d9799a0e7489f8ae6fd8447d0dd74a ] + +Stefano reported a crash with using SQPOLL with io_uring: + + BUG: kernel NULL pointer dereference, address: 00000000000003b0 + CPU: 2 PID: 1307 Comm: io_uring-sq Not tainted 5.7.0-rc7 #11 + RIP: 0010:task_numa_work+0x4f/0x2c0 + Call Trace: + task_work_run+0x68/0xa0 + io_sq_thread+0x252/0x3d0 + kthread+0xf9/0x130 + ret_from_fork+0x35/0x40 + +which is task_numa_work() oopsing on current->mm being NULL. + +The task work is queued by task_tick_numa(), which checks if current->mm is +NULL at the time of the call. But this state isn't necessarily persistent, +if the kthread is using use_mm() to temporarily adopt the mm of a task. + +Change the task_tick_numa() check to exclude kernel threads in general, +as it doesn't make sense to attempt ot balance for kthreads anyway. + +Reported-by: Stefano Garzarella +Signed-off-by: Jens Axboe +Signed-off-by: Ingo Molnar +Acked-by: Peter Zijlstra +Link: https://lore.kernel.org/r/865de121-8190-5d30-ece5-3b097dc74431@kernel.dk +Signed-off-by: Sasha Levin +--- + kernel/sched/fair.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index 193b6ab74d7f..8a0e6bdba50d 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -2678,7 +2678,7 @@ static void task_tick_numa(struct rq *rq, struct task_struct *curr) + /* + * We don't care about NUMA placement if we don't have memory. + */ +- if (!curr->mm || (curr->flags & PF_EXITING) || work->next != work) ++ if ((curr->flags & (PF_EXITING | PF_KTHREAD)) || work->next != work) + return; + + /* +-- +2.25.1 + diff --git a/queue-5.4/series b/queue-5.4/series index 8a129f2f5d1..e3ef1929fda 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -6,3 +6,10 @@ bridge-avoid-infinite-loop-when-suppressing-ns-messages-with-invalid-options.pat vxlan-avoid-infinite-loop-when-suppressing-ns-messages-with-invalid-options.patch bpf-support-llvm-objcopy-for-vmlinux-btf.patch elfnote-mark-all-.note-sections-shf_alloc.patch +input-mms114-fix-handling-of-mms345l.patch +arm-8977-1-ptrace-fix-mask-for-thumb-breakpoint-hook.patch +sched-fair-don-t-numa-balance-for-kthreads.patch +input-synaptics-add-a-second-working-pnp_id-for-leno.patch +csky-fixup-abiv2-syscall_trace-break-a4-a5.patch +gfs2-even-more-gfs2_find_jhead-fixes.patch +drivers-net-ibmvnic-update-vnic-protocol-version-rep.patch