From: Greg Kroah-Hartman
Date: Mon, 5 Sep 2022 15:54:15 +0000 (+0200)
Subject: 5.19-stable patches
X-Git-Tag: v5.10.142~68
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2bf4ab662a6a0721269c05b0b8acb46b46351e03;p=thirdparty%2Fkernel%2Fstable-queue.git

5.19-stable patches

added patches:
	musb-fix-usb_musb_tusb6010-dependency.patch
	powerpc-align-syscall-table-for-ppc32.patch
	powerpc-rtas-fix-rtas-msr-handling-for-cell.patch
	revert-powerpc-remove-unused-fw_feature_native-references.patch
	vt-clear-selection-before-changing-the-font.patch
---

diff --git a/queue-5.19/musb-fix-usb_musb_tusb6010-dependency.patch b/queue-5.19/musb-fix-usb_musb_tusb6010-dependency.patch new file mode 100644 index 00000000000..cb821a825ca --- /dev/null +++ b/queue-5.19/musb-fix-usb_musb_tusb6010-dependency.patch 
@@ -0,0 +1,41 @@ +From a3f2fd22743fc56dd5e3896a3fbddd276df1577f Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Thu, 18 Aug 2022 15:57:20 +0200 +Subject: musb: fix USB_MUSB_TUSB6010 dependency + +From: Arnd Bergmann + +commit a3f2fd22743fc56dd5e3896a3fbddd276df1577f upstream. + +Turning on NOP_USB_XCEIV as builtin broke the TUSB6010 driver because +of an older issue with the depencency. + +It is not necessary to forbid NOP_USB_XCEIV=y in combination with +USB_MUSB_HDRC=m, but only the reverse, which causes the link failure +from the original Kconfig change. + +Use the correct dependency to still allow NOP_USB_XCEIV=n or +NOP_USB_XCEIV=y but forbid NOP_USB_XCEIV=m when USB_MUSB_HDRC=m +to fix the multi_v7_defconfig for tusb. + +Fixes: ab37a7a890c1 ("ARM: multi_v7_defconfig: Make NOP_USB_XCEIV driver built-in") +Fixes: c0442479652b ("usb: musb: Fix randconfig build issues for Kconfig options") +Cc: stable +Signed-off-by: Arnd Bergmann +Link: https://lore.kernel.org/r/20220818135737.3143895-10-arnd@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/musb/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/usb/musb/Kconfig ++++ b/drivers/usb/musb/Kconfig +@@ -86,7 +86,7 @@ config USB_MUSB_TUSB6010 + tristate "TUSB6010" + depends on HAS_IOMEM + depends on ARCH_OMAP2PLUS || COMPILE_TEST +- depends on NOP_USB_XCEIV = USB_MUSB_HDRC # both built-in or both modules ++ depends on NOP_USB_XCEIV!=m || USB_MUSB_HDRC=m + + config USB_MUSB_OMAP2PLUS + tristate "OMAP2430 and onwards" diff --git a/queue-5.19/powerpc-align-syscall-table-for-ppc32.patch b/queue-5.19/powerpc-align-syscall-table-for-ppc32.patch new file mode 100644 index 00000000000..39a58e4aee9 --- /dev/null +++ b/queue-5.19/powerpc-align-syscall-table-for-ppc32.patch 
@@ -0,0 +1,70 @@ +From c7acee3d2f128a38b68fb7af85dbbd91bfd0b4ad Mon Sep 17 00:00:00 2001 +From: Masahiro Yamada +Date: Sun, 21 Aug 2022 01:51:29 +0900 +Subject: powerpc: align syscall table for ppc32 + +From: Masahiro Yamada + +commit c7acee3d2f128a38b68fb7af85dbbd91bfd0b4ad upstream. + +Christophe Leroy reported that commit 7b4537199a4a ("kbuild: link +symbol CRCs at final link, removing CONFIG_MODULE_REL_CRCS") broke +mpc85xx_defconfig + CONFIG_RELOCATABLE=y. + + LD vmlinux + SYSMAP System.map + SORTTAB vmlinux + CHKREL vmlinux + WARNING: 451 bad relocations + c0b312a9 R_PPC_UADDR32 .head.text-0x3ff9ed54 + c0b312ad R_PPC_UADDR32 .head.text-0x3ffac224 + c0b312b1 R_PPC_UADDR32 .head.text-0x3ffb09f4 + c0b312b5 R_PPC_UADDR32 .head.text-0x3fe184dc + c0b312b9 R_PPC_UADDR32 .head.text-0x3fe183a8 + ... + +The compiler emits a bunch of R_PPC_UADDR32, which is not supported by +arch/powerpc/kernel/reloc_32.S. + +The reason is there exists an unaligned symbol. + + $ powerpc-linux-gnu-nm -n vmlinux + ... + c0b31258 d spe_aligninfo + c0b31298 d __func__.0 + c0b312a9 D sys_call_table + c0b319b8 d __func__.0 + +Commit 7b4537199a4a is not the root cause. Even before that, I can +reproduce the same issue for mpc85xx_defconfig + CONFIG_RELOCATABLE=y ++ CONFIG_MODVERSIONS=n. + +It is just that nobody noticed because when CONFIG_MODVERSIONS is +enabled, a __crc_* symbol inserted before sys_call_table was hiding the +unalignment issue. + +Adding alignment to the syscall table for ppc32 fixes the issue. 
+ +Cc: stable@vger.kernel.org +Reported-by: Christophe Leroy +Signed-off-by: Masahiro Yamada +Tested-by: Christophe Leroy +[mpe: Trim change log discussion, add Cc stable] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/lkml/38605f6a-a568-f884-f06f-ea4da5b214f0@csgroup.eu/ +Link: https://lore.kernel.org/r/20220820165129.1147589-1-masahiroy@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/kernel/systbl.S | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/powerpc/kernel/systbl.S ++++ b/arch/powerpc/kernel/systbl.S +@@ -18,6 +18,7 @@ + .p2align 3 + #define __SYSCALL(nr, entry) .8byte entry + #else ++ .p2align 2 + #define __SYSCALL(nr, entry) .long entry + #endif + diff --git a/queue-5.19/powerpc-rtas-fix-rtas-msr-handling-for-cell.patch b/queue-5.19/powerpc-rtas-fix-rtas-msr-handling-for-cell.patch new file mode 100644 index 00000000000..d79a0f6ae42 --- /dev/null +++ b/queue-5.19/powerpc-rtas-fix-rtas-msr-handling-for-cell.patch 
@@ -0,0 +1,71 @@ +From 91926d8b7e71aaf5f84f0cf208fc5a8b7a761050 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Tue, 23 Aug 2022 21:59:52 +1000 +Subject: powerpc/rtas: Fix RTAS MSR[HV] handling for Cell + +From: Michael Ellerman + +commit 91926d8b7e71aaf5f84f0cf208fc5a8b7a761050 upstream. + +The semi-recent changes to MSR handling when entering RTAS (firmware) +cause crashes on IBM Cell machines. An example trace: + + kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0) + BUG: Unable to handle kernel instruction fetch + Faulting instruction address: 0x2fff01a8 + Oops: Kernel access of bad area, sig: 11 [#1] + BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell + Modules linked in: + CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.0.0-rc2-00433-gede0a8d3307a #207 + NIP: 000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000 + REGS: c0000000015236b0 TRAP: 0400 Tainted: G W (6.0.0-rc2-00433-gede0a8d3307a) + MSR: 0000000008001002 CR: 00000000 XER: 20000000 + ... + NIP 0x2fff01a8 + LR 0x32608 + Call Trace: + 0xc00000000143c5f8 (unreliable) + .rtas_call+0x224/0x320 + .rtas_get_boot_time+0x70/0x150 + .read_persistent_clock64+0x114/0x140 + .read_persistent_wall_and_boot_offset+0x24/0x80 + .timekeeping_init+0x40/0x29c + .start_kernel+0x674/0x8f0 + start_here_common+0x1c/0x50 + +Unlike PAPR platforms where RTAS is only used in guests, on the IBM Cell +machines Linux runs with MSR[HV] set but also uses RTAS, provided by +SLOF. + +Fix it by copying the MSR[HV] bit from the MSR value we've just read +using mfmsr into the value used for RTAS. + +It seems like we could also fix it using an #ifdef CELL to set MSR[HV], +but that doesn't work because it's possible to build a single kernel +image that runs on both Cell native and pseries. 
+ +Fixes: b6b1c3ce06ca ("powerpc/rtas: Keep MSR[RI] set when calling RTAS") +Cc: stable@vger.kernel.org # v5.19+ +Signed-off-by: Michael Ellerman +Reviewed-by: Jordan Niethe +Link: https://lore.kernel.org/r/20220823115952.1203106-2-mpe@ellerman.id.au +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/kernel/rtas_entry.S | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/powerpc/kernel/rtas_entry.S ++++ b/arch/powerpc/kernel/rtas_entry.S +@@ -109,8 +109,12 @@ __enter_rtas: + * its critical regions (as specified in PAPR+ section 7.2.1). MSR[S] + * is not impacted by RFI_TO_KERNEL (only urfid can unset it). So if + * MSR[S] is set, it will remain when entering RTAS. ++ * If we're in HV mode, RTAS must also run in HV mode, so extract MSR_HV ++ * from the saved MSR value and insert into the value RTAS will use. + */ ++ extrdi r0, r6, 1, 63 - MSR_HV_LG + LOAD_REG_IMMEDIATE(r6, MSR_ME | MSR_RI) ++ insrdi r6, r0, 1, 63 - MSR_HV_LG + + li r0,0 + mtmsrd r0,1 /* disable RI before using SRR0/1 */ diff --git a/queue-5.19/revert-powerpc-remove-unused-fw_feature_native-references.patch b/queue-5.19/revert-powerpc-remove-unused-fw_feature_native-references.patch new file mode 100644 index 00000000000..e062ccbc7af --- /dev/null +++ b/queue-5.19/revert-powerpc-remove-unused-fw_feature_native-references.patch 
@@ -0,0 +1,61 @@ +From 310d1344e3c58cc2d625aa4e52cfcb7d8a26fcbf Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Tue, 23 Aug 2022 21:59:51 +1000 +Subject: Revert "powerpc: Remove unused FW_FEATURE_NATIVE references" + +From: Michael Ellerman + +commit 310d1344e3c58cc2d625aa4e52cfcb7d8a26fcbf upstream. + +This reverts commit 79b74a68486765a4fe685ac4069bc71366c538f5. + +It broke booting on IBM Cell machines when the kernel is also built with +CONFIG_PPC_PS3=y. + +That's because FW_FEATURE_NATIVE_ALWAYS = 0 does have an important +effect, which is to clear the PS3 ALWAYS features from +FW_FEATURE_ALWAYS. + +Note that CONFIG_PPC_NATIVE has since been renamed +CONFIG_PPC_HASH_MMU_NATIVE. + +Fixes: 79b74a684867 ("powerpc: Remove unused FW_FEATURE_NATIVE references") +Cc: stable@vger.kernel.org # v5.17+ +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220823115952.1203106-1-mpe@ellerman.id.au +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/include/asm/firmware.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/arch/powerpc/include/asm/firmware.h ++++ b/arch/powerpc/include/asm/firmware.h +@@ -82,6 +82,8 @@ enum { + FW_FEATURE_POWERNV_ALWAYS = 0, + FW_FEATURE_PS3_POSSIBLE = FW_FEATURE_LPAR | FW_FEATURE_PS3_LV1, + FW_FEATURE_PS3_ALWAYS = FW_FEATURE_LPAR | FW_FEATURE_PS3_LV1, ++ FW_FEATURE_NATIVE_POSSIBLE = 0, ++ FW_FEATURE_NATIVE_ALWAYS = 0, + FW_FEATURE_POSSIBLE = + #ifdef CONFIG_PPC_PSERIES + FW_FEATURE_PSERIES_POSSIBLE | +@@ -92,6 +94,9 @@ enum { + #ifdef CONFIG_PPC_PS3 + FW_FEATURE_PS3_POSSIBLE | + #endif ++#ifdef CONFIG_PPC_HASH_MMU_NATIVE ++ FW_FEATURE_NATIVE_ALWAYS | ++#endif + 0, + FW_FEATURE_ALWAYS = + #ifdef CONFIG_PPC_PSERIES +@@ -103,6 +108,9 @@ enum { + #ifdef CONFIG_PPC_PS3 + FW_FEATURE_PS3_ALWAYS & + #endif ++#ifdef CONFIG_PPC_HASH_MMU_NATIVE ++ FW_FEATURE_NATIVE_ALWAYS & ++#endif + FW_FEATURE_POSSIBLE, + + #else /* CONFIG_PPC64 */ diff --git a/queue-5.19/series b/queue-5.19/series index 841e9a617d2..fcc76792334 100644 
--- a/queue-5.19/series +++ b/queue-5.19/series @@ -63,3 +63,8 @@ tty-serial-atmel-preserve-previous-usart-mode-if-rs485-disabled.patch staging-rtl8712-fix-use-after-free-bugs.patch staging-r8188eu-add-rosewill-usb-n150-nano-to-device-tables.patch staging-r8188eu-add-firmware-dependency.patch +revert-powerpc-remove-unused-fw_feature_native-references.patch +powerpc-align-syscall-table-for-ppc32.patch +powerpc-rtas-fix-rtas-msr-handling-for-cell.patch +vt-clear-selection-before-changing-the-font.patch +musb-fix-usb_musb_tusb6010-dependency.patch diff --git a/queue-5.19/vt-clear-selection-before-changing-the-font.patch b/queue-5.19/vt-clear-selection-before-changing-the-font.patch new file mode 100644 index 00000000000..ab6a5d49767 --- /dev/null +++ b/queue-5.19/vt-clear-selection-before-changing-the-font.patch 
@@ -0,0 +1,58 @@ +From 566f9c9f89337792070b5a6062dff448b3e7977f Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sat, 30 Jul 2022 20:50:18 +0200 +Subject: vt: Clear selection before changing the font + +From: Helge Deller + +commit 566f9c9f89337792070b5a6062dff448b3e7977f upstream. + +When changing the console font with ioctl(KDFONTOP) the new font size +can be bigger than the previous font. A previous selection may thus now +be outside of the new screen size and thus trigger out-of-bounds +accesses to graphics memory if the selection is removed in +vc_do_resize(). + +Prevent such out-of-memory accesses by dropping the selection before the +various con_font_set() console handlers are called. + +Reported-by: syzbot+14b0e8f3fd1612e35350@syzkaller.appspotmail.com +Cc: stable +Tested-by: Khalid Masum +Signed-off-by: Helge Deller +Link: https://lore.kernel.org/r/YuV9apZGNmGfjcor@p100 +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/vt/vt.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +--- a/drivers/tty/vt/vt.c ++++ b/drivers/tty/vt/vt.c +@@ -4662,9 +4662,11 @@ static int con_font_set(struct vc_data * + console_lock(); + if (vc->vc_mode != KD_TEXT) + rc = -EINVAL; +- else if (vc->vc_sw->con_font_set) ++ else if (vc->vc_sw->con_font_set) { ++ if (vc_is_sel(vc)) ++ clear_selection(); + rc = vc->vc_sw->con_font_set(vc, &font, op->flags); +- else ++ } else + rc = -ENOSYS; + console_unlock(); + kfree(font.data); +@@ -4691,9 +4693,11 @@ static int con_font_default(struct vc_da + console_unlock(); + return -EINVAL; + } +- if (vc->vc_sw->con_font_default) ++ if (vc->vc_sw->con_font_default) { ++ if (vc_is_sel(vc)) ++ clear_selection(); + rc = vc->vc_sw->con_font_default(vc, &font, s); +- else ++ } else + rc = -ENOSYS; + console_unlock(); + if (!rc) {
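
Review bot: in the drivers/usb/musb/Kconfig hunk, the new expression `depends on NOP_USB_XCEIV!=m || USB_MUSB_HDRC=m` rejects NOP_USB_XCEIV=m only when USB_MUSB_HDRC is not m, which agrees with the changelog's second paragraph but not with its third, which says NOP_USB_XCEIV=m is forbidden "when USB_MUSB_HDRC=m". One of the two should be corrected so that the text and the expression say the same thing. The replaced line carried an inline comment and the new one has none; a trailing comment such as "# a modular NOP_USB_XCEIV needs a modular USB_MUSB_HDRC" would keep the intent readable next to the expression.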
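
Review bot: the `.p2align 2` added to the #else (32-bit) branch of arch/powerpc/kernel/systbl.S has no comment saying what depends on it, and the changelog shows the table was previously aligned only by accident, when a __crc_* symbol happened to precede sys_call_table. Suggest a one-line comment above the directive stating that the table of `.long` entries must be 4-byte aligned so that a CONFIG_RELOCATABLE ppc32 build does not get R_PPC_UADDR32 relocations, which arch/powerpc/kernel/reloc_32.S does not support. Without it the line looks redundant and is easy to drop in a later cleanup.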
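
Review bot: in the __enter_rtas hunk of arch/powerpc/kernel/rtas_entry.S, the added `extrdi r0, r6, 1, 63 - MSR_HV_LG` depends on r6 still holding the MSR value read earlier, and the very next line overwrites r6 through LOAD_REG_IMMEDIATE, so the order of these three instructions is load-bearing. The added comment speaks of "the saved MSR value" without naming the register; suggest naming r6 there and noting that r0 is used as scratch and is reloaded by `li r0,0` just below. That makes it harder for a later reordering to feed RTAS an MSR without the HV bit on Cell.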
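
Review bot: in the second arch/powerpc/include/asm/firmware.h hunk, the CONFIG_PPC_HASH_MMU_NATIVE block inside FW_FEATURE_POSSIBLE ORs in `FW_FEATURE_NATIVE_ALWAYS`, while the PS3 entry just above it uses its _POSSIBLE constant, and FW_FEATURE_NATIVE_POSSIBLE, defined in the first hunk, is not used anywhere in the visible lines. Both constants are 0, so the value is unchanged, but the mismatch reads like a copy-and-paste slip. If it is kept only to make the revert exact, say so in the changelog; otherwise use FW_FEATURE_NATIVE_POSSIBLE in this position.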
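
Review bot: in the third arch/powerpc/include/asm/firmware.h hunk, the `FW_FEATURE_NATIVE_ALWAYS &` term added to FW_FEATURE_ALWAYS is a zero constant whose whole purpose is to clear the mask, and nothing in the code says so, which is how it came to be removed as "unused" in the reverted commit. Suggest a comment at the definition or at this use stating that ANDing in 0 is intentional: a kernel that can also boot native must not treat the PS3 ALWAYS features as always present. That keeps the next cleanup pass from repeating the same removal.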
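
Review bot: the `if (vc_is_sel(vc)) clear_selection();` pair added in the con_font_set() hunk of drivers/tty/vt/vt.c has no comment explaining why a font change needs to drop the selection, so the call looks unrelated to the code around it. Suggest a short comment carrying the changelog's reasoning: after the font size changes, a previous selection may lie outside the new screen size and would be accessed out of bounds when vc_do_resize() removes it. The same two lines are repeated in con_font_default(); a small static helper would hold both the call and the comment in one place.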
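
Review bot: in the con_font_default() hunk of drivers/tty/vt/vt.c, the rewritten conditional ends with `} else` followed by an unbraced `rc = -ENOSYS;`, and kernel coding style asks for braces on every branch once one branch needs them. The same applies to the con_font_set() hunk, where the leading `if (vc->vc_mode != KD_TEXT)` branch is also left unbraced. Suggest bracing all branches in both functions.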