From: Sasha Levin Date: Mon, 15 Jul 2019 14:53:04 +0000 (-0400) Subject: fixes for 4.14 X-Git-Tag: v5.2.2~18^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=549643f7e974553d0a4e294eadf6c7b4fe0afec2;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for 4.14 Signed-off-by: Sasha Levin
---
diff --git a/queue-4.14/arm-dts-imx6ul-fix-pwm-1-4-interrupts.patch b/queue-4.14/arm-dts-imx6ul-fix-pwm-1-4-interrupts.patch
new file mode 100644
index 00000000000..706f6626614
--- /dev/null
+++ b/queue-4.14/arm-dts-imx6ul-fix-pwm-1-4-interrupts.patch
@@ -0,0 +1,66 @@
+From f9bee232dc27799578cfe5d5e5f0b274b85280eb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Szymanski?=
+
+Date: Tue, 18 Jun 2019 17:58:34 +0200
+Subject: ARM: dts: imx6ul: fix PWM[1-4] interrupts
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+[ Upstream commit 3cf10132ac8d536565f2c02f60a3aeb315863a52 ]
+
+According to the i.MX6UL/L RM, table 3.1 "ARM Cortex A7 domain interrupt
+summary", the interrupts for the PWM[1-4] go from 83 to 86.
+
+Fixes: b9901fe84f02 ("ARM: dts: imx6ul: add pwm[1-4] nodes")
+Signed-off-by: Sébastien Szymanski
+Reviewed-by: Fabio Estevam
+Signed-off-by: Shawn Guo
+Signed-off-by: Sasha Levin
+---
+ arch/arm/boot/dts/imx6ul.dtsi | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/arm/boot/dts/imx6ul.dtsi b/arch/arm/boot/dts/imx6ul.dtsi
+index 036aeba4f02c..49f4bdc0d864 100644
+--- a/arch/arm/boot/dts/imx6ul.dtsi
++++ b/arch/arm/boot/dts/imx6ul.dtsi
+@@ -342,7 +342,7 @@
+ pwm1: pwm@02080000 {
+ compatible = "fsl,imx6ul-pwm", "fsl,imx27-pwm";
+ reg = <0x02080000 0x4000>;
+- interrupts = ;
++ interrupts = ;
+ clocks = <&clks IMX6UL_CLK_PWM1>,
+ <&clks IMX6UL_CLK_PWM1>;
+ clock-names = "ipg", "per";
+@@ -353,7 +353,7 @@
+ pwm2: pwm@02084000 {
+ compatible = "fsl,imx6ul-pwm", "fsl,imx27-pwm";
+ reg = <0x02084000 0x4000>;
+- interrupts = ;
++ interrupts = ;
+ clocks = <&clks IMX6UL_CLK_PWM2>,
+ <&clks IMX6UL_CLK_PWM2>;
+ clock-names = "ipg", "per";
+@@ -364,7 +364,7 @@
+ pwm3: pwm@02088000 {
+ compatible = "fsl,imx6ul-pwm", "fsl,imx27-pwm";
+ reg = <0x02088000 0x4000>;
+- interrupts = ;
++ interrupts = ;
+ clocks = <&clks IMX6UL_CLK_PWM3>,
+ <&clks IMX6UL_CLK_PWM3>;
+ clock-names = "ipg", "per";
+@@ -375,7 +375,7 @@
+ pwm4: pwm@0208c000 {
+ compatible = "fsl,imx6ul-pwm", "fsl,imx27-pwm";
+ reg = <0x0208c000 0x4000>;
+- interrupts = ;
++ interrupts = ;
+ clocks = <&clks IMX6UL_CLK_PWM4>,
+ <&clks IMX6UL_CLK_PWM4>;
+ clock-names = "ipg", "per";
+--
+2.20.1
+
diff --git a/queue-4.14/arm-omap2-remove-incorrect-__init-annotation.patch b/queue-4.14/arm-omap2-remove-incorrect-__init-annotation.patch
new file mode 100644
index 00000000000..ba93e8b2ecc
--- /dev/null
+++ b/queue-4.14/arm-omap2-remove-incorrect-__init-annotation.patch
@@ -0,0 +1,45 @@
+From 09aab51c101b6333d097c6bc0a1a4432da5b879b Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann
+Date: Wed, 19 Jun 2019 15:04:54 +0200
+Subject: ARM: omap2: remove incorrect __init annotation
+
+[ Upstream commit 27e23d8975270df6999f8b5b3156fc0c04927451 ]
+
+omap3xxx_prm_enable_io_wakeup() is marked __init, but its caller is not, so
+we get a warning with clang-8:
+
+WARNING: vmlinux.o(.text+0x343c8): Section mismatch in reference from the function omap3xxx_prm_late_init() to the function .init.text:omap3xxx_prm_enable_io_wakeup()
+The function omap3xxx_prm_late_init() references
+the function __init omap3xxx_prm_enable_io_wakeup().
+This is often because omap3xxx_prm_late_init lacks a __init
+annotation or the annotation of omap3xxx_prm_enable_io_wakeup is wrong.
+
+When building with gcc, omap3xxx_prm_enable_io_wakeup() is always
+inlined, so we never noticed in the past.
+
+Signed-off-by: Arnd Bergmann
+Reviewed-by: Nathan Chancellor
+Acked-by: Tony Lindgren
+Reviewed-by: Andrew Murray
+Signed-off-by: Olof Johansson
+Signed-off-by: Sasha Levin
+---
+ arch/arm/mach-omap2/prm3xxx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm/mach-omap2/prm3xxx.c b/arch/arm/mach-omap2/prm3xxx.c
+index a2dd13217c89..2819c43fe754 100644
+--- a/arch/arm/mach-omap2/prm3xxx.c
++++ b/arch/arm/mach-omap2/prm3xxx.c
+@@ -433,7 +433,7 @@ static void omap3_prm_reconfigure_io_chain(void)
+ * registers, and omap3xxx_prm_reconfigure_io_chain() must be called.
+ * No return value.
+ */
+-static void __init omap3xxx_prm_enable_io_wakeup(void)
++static void omap3xxx_prm_enable_io_wakeup(void)
+ {
+ if (prm_features & PRM_HAS_IO_WAKEUP)
+ omap2_prm_set_mod_reg_bits(OMAP3430_EN_IO_MASK, WKUP_MOD,
+--
+2.20.1
+
diff --git a/queue-4.14/be2net-fix-link-failure-after-ethtool-offline-test.patch b/queue-4.14/be2net-fix-link-failure-after-ethtool-offline-test.patch
new file mode 100644
index 00000000000..3eac0eca3e9
--- /dev/null
+++ b/queue-4.14/be2net-fix-link-failure-after-ethtool-offline-test.patch 
@@ -0,0 +1,81 @@
+From bf95fc548a1b9e7df48ea4dbe2e541b441c2c42b Mon Sep 17 00:00:00 2001
+From: Petr Oros
+Date: Wed, 19 Jun 2019 14:29:42 +0200
+Subject: be2net: fix link failure after ethtool offline test
+
+[ Upstream commit 2e5db6eb3c23e5dc8171eb8f6af7a97ef9fcf3a9 ]
+
+Certain cards in conjunction with certain switches need a little more
+time for link setup that results in ethtool link test failure after
+offline test. Patch adds a loop that waits for a link setup finish.
+
+Changes in v2:
+- added fixes header
+
+Fixes: 4276e47e2d1c ("be2net: Add link test to list of ethtool self tests.")
+Signed-off-by: Petr Oros
+Reviewed-by: Ivan Vecera
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ .../net/ethernet/emulex/benet/be_ethtool.c | 28 +++++++++++++++----
+ 1 file changed, 22 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/net/ethernet/emulex/benet/be_ethtool.c b/drivers/net/ethernet/emulex/benet/be_ethtool.c
+index 6ce7b8435ace..f66b246acaea 100644
+--- a/drivers/net/ethernet/emulex/benet/be_ethtool.c
++++ b/drivers/net/ethernet/emulex/benet/be_ethtool.c
+@@ -893,7 +893,7 @@ static void be_self_test(struct net_device *netdev, struct ethtool_test *test,
+ u64 *data)
+ {
+ struct be_adapter *adapter = netdev_priv(netdev);
+- int status;
++ int status, cnt;
+ u8 link_status = 0;
+
+ if (adapter->function_caps & BE_FUNCTION_CAPS_SUPER_NIC) {
+@@ -904,6 +904,9 @@ static void be_self_test(struct net_device *netdev, struct ethtool_test *test,
+
+ memset(data, 0, sizeof(u64) * ETHTOOL_TESTS_NUM);
+
++ /* check link status before offline tests */
++ link_status = netif_carrier_ok(netdev);
++
+ if (test->flags & ETH_TEST_FL_OFFLINE) {
+ if (be_loopback_test(adapter, BE_MAC_LOOPBACK, &data[0]) != 0)
+ test->flags |= ETH_TEST_FL_FAILED;
+@@ -924,13 +927,26 @@ static void be_self_test(struct net_device *netdev, struct ethtool_test *test,
+ test->flags |= ETH_TEST_FL_FAILED;
+ }
+
+- status = be_cmd_link_status_query(adapter, NULL, &link_status, 0);
+- if (status) {
+- test->flags |= ETH_TEST_FL_FAILED;
+- data[4] = -1;
+- } else if (!link_status) {
++ /* link status was down prior to test */
++ if (!link_status) {
+ test->flags |= ETH_TEST_FL_FAILED;
+ data[4] = 1;
++ return;
++ }
++
++ for (cnt = 10; cnt; cnt--) {
++ status = be_cmd_link_status_query(adapter, NULL, &link_status,
++ 0);
++ if (status) {
++ test->flags |= ETH_TEST_FL_FAILED;
++ data[4] = -1;
++ break;
++ }
++
++ if (link_status)
++ break;
++
++ msleep_interruptible(500);
+ }
+ }
+
+--
+2.20.1
+
diff --git a/queue-4.14/clk-ti-clkctrl-fix-returning-uninitialized-data.patch b/queue-4.14/clk-ti-clkctrl-fix-returning-uninitialized-data.patch
new file mode 100644
index 00000000000..ece5b1576fe
--- /dev/null
+++ b/queue-4.14/clk-ti-clkctrl-fix-returning-uninitialized-data.patch
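Review bot: In be_self_test() the new polling loop `for (cnt = 10; cnt; cnt--)` can run out of retries with `link_status` still 0, and in that case nothing sets `ETH_TEST_FL_FAILED` or `data[4]`, so a link that never comes back after the offline test is reported as passing. Add a check after the loop, for example `if (!cnt) { test->flags |= ETH_TEST_FL_FAILED; data[4] = 1; }`. `msleep_interruptible(500)` also returns early when a signal is pending, which presumably shortens the intended wait of about five seconds; `msleep(500)` or a check of the return value would keep the timeout meaningful.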
@@ -0,0 +1,63 @@
+From 9eff70b54428fb75b9acbae1095b848203b04616 Mon Sep 17 00:00:00 2001
+From: Tony Lindgren
+Date: Wed, 29 May 2019 23:55:57 -0700
+Subject: clk: ti: clkctrl: Fix returning uninitialized data
+
+[ Upstream commit 41b3588dba6ef4b7995735a97e47ff0aeea6c276 ]
+
+If we do a clk_get() for a clock that does not exists, we have
+_ti_omap4_clkctrl_xlate() return uninitialized data if no match
+is found. This can be seen in some cases with SLAB_DEBUG enabled:
+
+Unable to handle kernel paging request at virtual address 5a5a5a5a
+...
+clk_hw_create_clk.part.33
+sysc_notifier_call
+notifier_call_chain
+blocking_notifier_call_chain
+device_add
+
+Let's fix this by setting a found flag only when we find a match.
+
+Reported-by: Tomi Valkeinen
+Fixes: 88a172526c32 ("clk: ti: add support for clkctrl clocks")
+Signed-off-by: Tony Lindgren
+Tested-by: Peter Ujfalusi
+Tested-by: Tomi Valkeinen
+Signed-off-by: Stephen Boyd
+Signed-off-by: Sasha Levin
+---
+ drivers/clk/ti/clkctrl.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/clk/ti/clkctrl.c b/drivers/clk/ti/clkctrl.c
+index 82e4d5cccf84..2df8564f08a0 100644
+--- a/drivers/clk/ti/clkctrl.c
++++ b/drivers/clk/ti/clkctrl.c
+@@ -215,6 +215,7 @@ static struct clk_hw *_ti_omap4_clkctrl_xlate(struct of_phandle_args *clkspec,
+ {
+ struct omap_clkctrl_provider *provider = data;
+ struct omap_clkctrl_clk *entry;
++ bool found = false;
+
+ if (clkspec->args_count != 2)
+ return ERR_PTR(-EINVAL);
+@@ -224,11 +225,13 @@ static struct clk_hw *_ti_omap4_clkctrl_xlate(struct of_phandle_args *clkspec,
+
+ list_for_each_entry(entry, &provider->clocks, node) {
+ if (entry->reg_offset == clkspec->args[0] &&
+- entry->bit_offset == clkspec->args[1])
++ entry->bit_offset == clkspec->args[1]) {
++ found = true;
+ break;
++ }
+ }
+
+- if (!entry)
++ if (!found)
+ return ERR_PTR(-EINVAL);
+
+ return entry->clk;
+--
+2.20.1
+
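Review bot: In _ti_omap4_clkctrl_xlate() the `found` flag works, but `entry` is still read after `list_for_each_entry()` has finished, which is the pattern that produced the bug: when nothing matches, the cursor is not NULL and does not point at a real `struct omap_clkctrl_clk`. Returning from inside the loop (`return entry->clk;` in the match branch) and ending the function with an unconditional `return ERR_PTR(-EINVAL);` would drop the flag and keep the cursor from being used outside the loop. The opening lines of the function are outside the hunks shown.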
diff --git a/queue-4.14/cpu-hotplug-fix-out-of-bounds-read-when-setting-fail.patch b/queue-4.14/cpu-hotplug-fix-out-of-bounds-read-when-setting-fail.patch
new file mode 100644
index 00000000000..276450855a5
--- /dev/null
+++ b/queue-4.14/cpu-hotplug-fix-out-of-bounds-read-when-setting-fail.patch
@@ -0,0 +1,72 @@
+From 008341a200acfffeac308a5af2655b44ca7a7261 Mon Sep 17 00:00:00 2001
+From: Eiichi Tsukata
+Date: Thu, 27 Jun 2019 11:47:32 +0900
+Subject: cpu/hotplug: Fix out-of-bounds read when setting fail state
+
+[ Upstream commit 33d4a5a7a5b4d02915d765064b2319e90a11cbde ]
+
+Setting invalid value to /sys/devices/system/cpu/cpuX/hotplug/fail
+can control `struct cpuhp_step *sp` address, results in the following
+global-out-of-bounds read.
+
+Reproducer:
+
+ # echo -2 > /sys/devices/system/cpu/cpu0/hotplug/fail
+
+KASAN report:
+
+ BUG: KASAN: global-out-of-bounds in write_cpuhp_fail+0x2cd/0x2e0
+ Read of size 8 at addr ffffffff89734438 by task bash/1941
+
+ CPU: 0 PID: 1941 Comm: bash Not tainted 5.2.0-rc6+ #31
+ Call Trace:
+ write_cpuhp_fail+0x2cd/0x2e0
+ dev_attr_store+0x58/0x80
+ sysfs_kf_write+0x13d/0x1a0
+ kernfs_fop_write+0x2bc/0x460
+ vfs_write+0x1e1/0x560
+ ksys_write+0x126/0x250
+ do_syscall_64+0xc1/0x390
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+ RIP: 0033:0x7f05e4f4c970
+
+ The buggy address belongs to the variable:
+ cpu_hotplug_lock+0x98/0xa0
+
+ Memory state around the buggy address:
+ ffffffff89734300: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
+ ffffffff89734380: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
+ >ffffffff89734400: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
+ ^
+ ffffffff89734480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ ffffffff89734500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+
+Add a sanity check for the value written from user space.
+
+Fixes: 1db49484f21ed ("smp/hotplug: Hotplug state fail injection")
+Signed-off-by: Eiichi Tsukata
+Signed-off-by: Thomas Gleixner
+Cc: peterz@infradead.org
+Link: https://lkml.kernel.org/r/20190627024732.31672-1-devel@etsukata.com
+Signed-off-by: Sasha Levin
+---
+ kernel/cpu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/kernel/cpu.c b/kernel/cpu.c
+index f370a0f43005..d768e15bef83 100644
+--- a/kernel/cpu.c
++++ b/kernel/cpu.c
+@@ -1944,6 +1944,9 @@ static ssize_t write_cpuhp_fail(struct device *dev,
+ if (ret)
+ return ret;
+
++ if (fail < CPUHP_OFFLINE || fail > CPUHP_ONLINE)
++ return -EINVAL;
++
+ /*
+ * Cannot fail STARTING/DYING callbacks.
+ */
+--
+2.20.1
+
diff --git a/queue-4.14/dm-verity-use-message-limit-for-data-block-corruptio.patch b/queue-4.14/dm-verity-use-message-limit-for-data-block-corruptio.patch
new file mode 100644
index 00000000000..b088214e4cf
--- /dev/null
+++ b/queue-4.14/dm-verity-use-message-limit-for-data-block-corruptio.patch
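Review bot: The new range check in write_cpuhp_fail() has no comment saying why it is there, and the reason is not obvious from the lines around it. Per the commit message, `fail` comes straight from a sysfs write and selects the `struct cpuhp_step` that is read next, so a one-line comment such as `/* fail is user-supplied and indexes the hotplug step table; reject out-of-range states */` would keep a later refactor from moving or dropping the check. The rest of the function is outside the hunk.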
@@ -0,0 +1,35 @@
+From 910afd50b43985beb823f7706d757062bddafd65 Mon Sep 17 00:00:00 2001
+From: Milan Broz
+Date: Thu, 20 Jun 2019 13:00:19 +0200
+Subject: dm verity: use message limit for data block corruption message
+
+[ Upstream commit 2eba4e640b2c4161e31ae20090a53ee02a518657 ]
+
+DM verity should also use DMERR_LIMIT to limit repeat data block
+corruption messages.
+
+Signed-off-by: Milan Broz
+Signed-off-by: Mike Snitzer
+Signed-off-by: Sasha Levin
+---
+ drivers/md/dm-verity-target.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
+index 8573c70a1880..e705799976c2 100644
+--- a/drivers/md/dm-verity-target.c
++++ b/drivers/md/dm-verity-target.c
+@@ -276,8 +276,8 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type,
+ BUG();
+ }
+
+- DMERR("%s: %s block %llu is corrupted", v->data_dev->name, type_str,
+- block);
++ DMERR_LIMIT("%s: %s block %llu is corrupted", v->data_dev->name,
++ type_str, block);
+
+ if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS)
+ DMERR("%s: reached maximum errors", v->data_dev->name);
+--
+2.20.1
+
diff --git a/queue-4.14/efi-bgrt-drop-bgrt-status-field-reserved-bits-check.patch b/queue-4.14/efi-bgrt-drop-bgrt-status-field-reserved-bits-check.patch
new file mode 100644
index 00000000000..d801bb1826e
--- /dev/null
+++ b/queue-4.14/efi-bgrt-drop-bgrt-status-field-reserved-bits-check.patch
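Review bot: With `DMERR_LIMIT` in verity_handle_err(), per-block corruption messages can be dropped when many blocks fail in a short time, so the kernel log no longer lists every corrupted block. That is the intent, but it deserves a comment for anyone who builds alerting on these lines, for example `/* rate-limited: the log may omit blocks; do not count these lines to size the corruption */`. The adjacent `DMERR("%s: reached maximum errors", ...)` stays unlimited; whether it can repeat depends on code outside the hunk.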
@@ -0,0 +1,45 @@
+From 45bb210059ded66cd6b5929de6007a97f3d7e17c Mon Sep 17 00:00:00 2001
+From: Hans de Goede
+Date: Wed, 29 May 2019 15:28:28 +0200
+Subject: efi/bgrt: Drop BGRT status field reserved bits check
+
+[ Upstream commit a483fcab38b43fb34a7f12ab1daadd3907f150e2 ]
+
+Starting with ACPI 6.2 bits 1 and 2 of the BGRT status field are no longer
+reserved. These bits are now used to indicate if the image needs to be
+rotated before being displayed.
+
+The first device using these bits has now shown up (the GPD MicroPC) and
+the reserved bits check causes us to reject the valid BGRT table on this
+device.
+
+Rather then changing the reserved bits check, allowing only the 2 new bits,
+instead just completely remove it so that we do not end up with a similar
+problem when more bits are added in the future.
+
+Signed-off-by: Hans de Goede
+Signed-off-by: Ard Biesheuvel
+Signed-off-by: Sasha Levin
+---
+ drivers/firmware/efi/efi-bgrt.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/drivers/firmware/efi/efi-bgrt.c b/drivers/firmware/efi/efi-bgrt.c
+index 50793fda7819..e3d86aa1ad5d 100644
+--- a/drivers/firmware/efi/efi-bgrt.c
++++ b/drivers/firmware/efi/efi-bgrt.c
+@@ -50,11 +50,6 @@ void __init efi_bgrt_init(struct acpi_table_header *table)
+ bgrt->version);
+ goto out;
+ }
+- if (bgrt->status & 0xfe) {
+- pr_notice("Ignoring BGRT: reserved status bits are non-zero %u\n",
+- bgrt->status);
+- goto out;
+- }
+ if (bgrt->image_type != 0) {
+ pr_notice("Ignoring BGRT: invalid image type %u (expected 0)\n",
+ bgrt->image_type);
+--
+2.20.1
+
diff --git a/queue-4.14/linux-kernel.h-fix-overflow-for-div_round_up_ull.patch b/queue-4.14/linux-kernel.h-fix-overflow-for-div_round_up_ull.patch
new file mode 100644
index 00000000000..200d0514451
--- /dev/null
+++ b/queue-4.14/linux-kernel.h-fix-overflow-for-div_round_up_ull.patch
@@ -0,0 +1,43 @@
+From 0bcfab5d47a1f696ef0c262094914241af8027bc Mon Sep 17 00:00:00 2001
+From: Vinod Koul
+Date: Fri, 28 Jun 2019 12:07:21 -0700
+Subject: linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL
+
+[ Upstream commit 8f9fab480c7a87b10bb5440b5555f370272a5d59 ]
+
+DIV_ROUND_UP_ULL adds the two arguments and then invokes
+DIV_ROUND_DOWN_ULL. But on a 32bit system the addition of two 32 bit
+values can overflow. DIV_ROUND_DOWN_ULL does it correctly and stashes
+the addition into a unsigned long long so cast the result to unsigned
+long long here to avoid the overflow condition.
+
+[akpm@linux-foundation.org: DIV_ROUND_UP_ULL must be an rval]
+Link: http://lkml.kernel.org/r/20190625100518.30753-1-vkoul@kernel.org
+Signed-off-by: Vinod Koul
+Reviewed-by: Andrew Morton
+Cc: Bjorn Andersson
+Cc: Randy Dunlap
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Sasha Levin
+---
+ include/linux/kernel.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/include/linux/kernel.h b/include/linux/kernel.h
+index 1c5469adaa85..bb7baecef002 100644
+--- a/include/linux/kernel.h
++++ b/include/linux/kernel.h
+@@ -101,7 +101,8 @@
+ #define DIV_ROUND_DOWN_ULL(ll, d) \
+ ({ unsigned long long _tmp = (ll); do_div(_tmp, d); _tmp; })
+
+-#define DIV_ROUND_UP_ULL(ll, d) DIV_ROUND_DOWN_ULL((ll) + (d) - 1, (d))
++#define DIV_ROUND_UP_ULL(ll, d) \
++ DIV_ROUND_DOWN_ULL((unsigned long long)(ll) + (d) - 1, (d))
+
+ #if BITS_PER_LONG == 32
+ # define DIV_ROUND_UP_SECTOR_T(ll,d) DIV_ROUND_UP_ULL(ll, d)
+--
+2.20.1
+
diff --git a/queue-4.14/perf-core-fix-perf_sample_regs_user-mm-check.patch b/queue-4.14/perf-core-fix-perf_sample_regs_user-mm-check.patch
new file mode 100644
index 00000000000..fb0360f2964
--- /dev/null
+++ b/queue-4.14/perf-core-fix-perf_sample_regs_user-mm-check.patch
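Review bot: The rewritten `DIV_ROUND_UP_ULL(ll, d)` still expands `d` twice, so an argument with side effects is evaluated twice, and the macro carries no comment about it. The cast also only widens the addition: the division goes through `do_div(_tmp, d)` in `DIV_ROUND_DOWN_ULL`, which as far as I know takes a 32-bit divisor, so a `d` wider than 32 bits would be truncated there. A short comment above the macro, e.g. `/* d is evaluated twice and must fit in 32 bits (do_div) */`, would make both limits visible to callers.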
@@ -0,0 +1,52 @@
+From 92fd9f856e00d2c5f41d7628e9658b44db569d93 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra
+Date: Wed, 29 May 2019 14:37:24 +0200
+Subject: perf/core: Fix perf_sample_regs_user() mm check
+
+[ Upstream commit 085ebfe937d7a7a5df1729f35a12d6d655fea68c ]
+
+perf_sample_regs_user() uses 'current->mm' to test for the presence of
+userspace, but this is insufficient, consider use_mm().
+
+A better test is: '!(current->flags & PF_KTHREAD)', exec() clears
+PF_KTHREAD after it sets the new ->mm but before it drops to userspace
+for the first time.
+
+Possibly obsoletes: bf05fc25f268 ("powerpc/perf: Fix oops when kthread execs user process")
+
+Reported-by: Ravi Bangoria
+Reported-by: Young Xiao <92siuyang@gmail.com>
+Signed-off-by: Peter Zijlstra (Intel)
+Acked-by: Will Deacon
+Cc: Arnaldo Carvalho de Melo
+Cc: Frederic Weisbecker
+Cc: Jiri Olsa
+Cc: Linus Torvalds
+Cc: Michael Ellerman
+Cc: Naveen N. Rao
+Cc: Peter Zijlstra
+Cc: Stephane Eranian
+Cc: Thomas Gleixner
+Fixes: 4018994f3d87 ("perf: Add ability to attach user level registers dump to sample")
+Signed-off-by: Ingo Molnar
+Signed-off-by: Sasha Levin
+---
+ kernel/events/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 580616e6fcee..3d4eb6f840eb 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -5630,7 +5630,7 @@ static void perf_sample_regs_user(struct perf_regs *regs_user,
+ if (user_mode(regs)) {
+ regs_user->abi = perf_reg_abi(current);
+ regs_user->regs = regs;
+- } else if (current->mm) {
++ } else if (!(current->flags & PF_KTHREAD)) {
+ perf_get_regs_user(regs_user, regs, regs_user_copy);
+ } else {
+ regs_user->abi = PERF_SAMPLE_REGS_ABI_NONE;
+--
+2.20.1
+
diff --git a/queue-4.14/ppp-mppe-add-softdep-to-arc4.patch b/queue-4.14/ppp-mppe-add-softdep-to-arc4.patch
new file mode 100644
index 00000000000..77b28c58fe4
--- /dev/null
+++ b/queue-4.14/ppp-mppe-add-softdep-to-arc4.patch
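Review bot: The condition `!(current->flags & PF_KTHREAD)` in perf_sample_regs_user() replaces a test whose weakness is explained only in the commit message. Since this branch decides whether user register state is copied into a sample, a comment at the branch would help, e.g. `/* kthreads may borrow an mm via use_mm(), so ->mm does not prove there are user regs */`. The function starts and ends outside the hunk.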
@@ -0,0 +1,34 @@
+From 1634c2a434e402faacb922e51cef038d1984ee7b Mon Sep 17 00:00:00 2001
+From: Takashi Iwai
+Date: Wed, 19 Jun 2019 15:34:07 +0200
+Subject: ppp: mppe: Add softdep to arc4
+
+[ Upstream commit aad1dcc4f011ea409850e040363dff1e59aa4175 ]
+
+The arc4 crypto is mandatory at ppp_mppe probe time, so let's put a
+softdep line, so that the corresponding module gets prepared
+gracefully. Without this, a simple inclusion to initrd via dracut
+failed due to the missing dependency, for example.
+
+Signed-off-by: Takashi Iwai
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ drivers/net/ppp/ppp_mppe.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c
+index 6c7fd98cb00a..d9eda7c217e9 100644
+--- a/drivers/net/ppp/ppp_mppe.c
++++ b/drivers/net/ppp/ppp_mppe.c
+@@ -63,6 +63,7 @@ MODULE_AUTHOR("Frank Cusack ");
+ MODULE_DESCRIPTION("Point-to-Point Protocol Microsoft Point-to-Point Encryption support");
+ MODULE_LICENSE("Dual BSD/GPL");
+ MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE));
++MODULE_SOFTDEP("pre: arc4");
+ MODULE_VERSION("1.0.2");
+
+ static unsigned int
+--
+2.20.1
+
diff --git a/queue-4.14/series b/queue-4.14/series
index df0498b57ef..baa24da396b 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -59,3 +59,15 @@ binder-fix-memory-leak-in-error-path.patch
 carl9170-fix-misuse-of-device-driver-api.patch
 vmci-fix-integer-overflow-in-vmci-handle-arrays.patch
 mips-remove-superfluous-check-for-__linux__.patch
+clk-ti-clkctrl-fix-returning-uninitialized-data.patch
+efi-bgrt-drop-bgrt-status-field-reserved-bits-check.patch
+perf-core-fix-perf_sample_regs_user-mm-check.patch
+arm-omap2-remove-incorrect-__init-annotation.patch
+be2net-fix-link-failure-after-ethtool-offline-test.patch
+ppp-mppe-add-softdep-to-arc4.patch
+sis900-fix-tx-completion.patch
+arm-dts-imx6ul-fix-pwm-1-4-interrupts.patch
+dm-verity-use-message-limit-for-data-block-corruptio.patch
+x86-boot-64-fix-crash-if-kernel-image-crosses-page-t.patch
+cpu-hotplug-fix-out-of-bounds-read-when-setting-fail.patch
+linux-kernel.h-fix-overflow-for-div_round_up_ull.patch
diff --git a/queue-4.14/sis900-fix-tx-completion.patch b/queue-4.14/sis900-fix-tx-completion.patch
new file mode 100644
index 00000000000..0d2c63e8957
--- /dev/null
+++ b/queue-4.14/sis900-fix-tx-completion.patch
@@ -0,0 +1,117 @@
+From 53f5d999d20c34af78327df638a485e57a6e1a0e Mon Sep 17 00:00:00 2001
+From: Sergej Benilov
+Date: Thu, 20 Jun 2019 11:02:18 +0200
+Subject: sis900: fix TX completion
+
+[ Upstream commit 8ac8a01092b2added0749ef937037bf1912e13e3 ]
+
+Since commit 605ad7f184b60cfaacbc038aa6c55ee68dee3c89 "tcp: refine TSO autosizing",
+outbound throughput is dramatically reduced for some connections, as sis900
+is doing TX completion within idle states only.
+
+Make TX completion happen after every transmitted packet.
+
+Test:
+netperf
+
+before patch:
+> netperf -H remote -l -2000000 -- -s 1000000
+MIGRATED TCP STREAM TEST from 0.0.0.0 () port 0 AF_INET to 95.223.112.76 () port 0 AF_INET : demo
+Recv Send Send
+Socket Socket Message Elapsed
+Size Size Size Time Throughput
+bytes bytes bytes secs. 10^6bits/sec
+
+ 87380 327680 327680 253.44 0.06
+
+after patch:
+> netperf -H remote -l -10000000 -- -s 1000000
+MIGRATED TCP STREAM TEST from 0.0.0.0 () port 0 AF_INET to 95.223.112.76 () port 0 AF_INET : demo
+Recv Send Send
+Socket Socket Message Elapsed
+Size Size Size Time Throughput
+bytes bytes bytes secs. 10^6bits/sec
+
+ 87380 327680 327680 5.38 14.89
+
+Thx to Dave Miller and Eric Dumazet for helpful hints
+
+Signed-off-by: Sergej Benilov
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ drivers/net/ethernet/sis/sis900.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/net/ethernet/sis/sis900.c b/drivers/net/ethernet/sis/sis900.c
+index 40bd88362e3d..693f9582173b 100644
+--- a/drivers/net/ethernet/sis/sis900.c
++++ b/drivers/net/ethernet/sis/sis900.c
+@@ -1057,7 +1057,7 @@ sis900_open(struct net_device *net_dev)
+ sis900_set_mode(sis_priv, HW_SPEED_10_MBPS, FDX_CAPABLE_HALF_SELECTED);
+
+ /* Enable all known interrupts by setting the interrupt mask. */
+- sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE);
++ sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE | TxDESC);
+ sw32(cr, RxENA | sr32(cr));
+ sw32(ier, IE);
+
+@@ -1580,7 +1580,7 @@ static void sis900_tx_timeout(struct net_device *net_dev)
+ sw32(txdp, sis_priv->tx_ring_dma);
+
+ /* Enable all known interrupts by setting the interrupt mask. */
+- sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE);
++ sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE | TxDESC);
+ }
+
+ /**
+@@ -1620,7 +1620,7 @@ sis900_start_xmit(struct sk_buff *skb, struct net_device *net_dev)
+ spin_unlock_irqrestore(&sis_priv->lock, flags);
+ return NETDEV_TX_OK;
+ }
+- sis_priv->tx_ring[entry].cmdsts = (OWN | skb->len);
++ sis_priv->tx_ring[entry].cmdsts = (OWN | INTR | skb->len);
+ sw32(cr, TxENA | sr32(cr));
+
+ sis_priv->cur_tx ++;
+@@ -1676,7 +1676,7 @@ static irqreturn_t sis900_interrupt(int irq, void *dev_instance)
+ do {
+ status = sr32(isr);
+
+- if ((status & (HIBERR|TxURN|TxERR|TxIDLE|RxORN|RxERR|RxOK)) == 0)
++ if ((status & (HIBERR|TxURN|TxERR|TxIDLE|TxDESC|RxORN|RxERR|RxOK)) == 0)
+ /* nothing intresting happened */
+ break;
+ handled = 1;
+@@ -1686,7 +1686,7 @@ static irqreturn_t sis900_interrupt(int irq, void *dev_instance)
+ /* Rx interrupt */
+ sis900_rx(net_dev);
+
+- if (status & (TxURN | TxERR | TxIDLE))
++ if (status & (TxURN | TxERR | TxIDLE | TxDESC))
+ /* Tx interrupt */
+ sis900_finish_xmit(net_dev);
+
+@@ -1898,8 +1898,8 @@ static void sis900_finish_xmit (struct net_device *net_dev)
+
+ if (tx_status & OWN) {
+ /* The packet is not transmitted yet (owned by hardware) !
+- * Note: the interrupt is generated only when Tx Machine
+- * is idle, so this is an almost impossible case */
++ * Note: this is an almost impossible condition
++ * in case of TxDESC ('descriptor interrupt') */
+ break;
+ }
+
+@@ -2475,7 +2475,7 @@ static int sis900_resume(struct pci_dev *pci_dev)
+ sis900_set_mode(sis_priv, HW_SPEED_10_MBPS, FDX_CAPABLE_HALF_SELECTED);
+
+ /* Enable all known interrupts by setting the interrupt mask. */
+- sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE);
++ sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE | TxDESC);
+ sw32(cr, RxENA | sr32(cr));
+ sw32(ier, IE);
+
+--
+2.20.1
+
diff --git a/queue-4.14/x86-boot-64-fix-crash-if-kernel-image-crosses-page-t.patch b/queue-4.14/x86-boot-64-fix-crash-if-kernel-image-crosses-page-t.patch
new file mode 100644
index 00000000000..5aa192ad401
--- /dev/null
+++ b/queue-4.14/x86-boot-64-fix-crash-if-kernel-image-crosses-page-t.patch
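Review bot: The interrupt mask `RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE | TxDESC` is now spelled out in three separate `sw32(imr, ...)` calls (sis900_open, sis900_tx_timeout, sis900_resume), and the Tx subset is repeated again in sis900_interrupt. This commit had to touch every copy, and a missed one would leave that path without Tx-descriptor interrupts. A single named constant used at all sites would remove that risk. Separately, setting `INTR` on every descriptor in sis900_start_xmit means one interrupt per transmitted packet, which seems intended here but is worth a comment next to the `cmdsts` assignment.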
@@ -0,0 +1,88 @@
+From 64158993b5aea295b8e93c97a48f689ed6b2a03b Mon Sep 17 00:00:00 2001
+From: "Kirill A. Shutemov"
+Date: Thu, 20 Jun 2019 14:23:45 +0300
+Subject: x86/boot/64: Fix crash if kernel image crosses page table boundary
+
+[ Upstream commit 81c7ed296dcd02bc0b4488246d040e03e633737a ]
+
+A kernel which boots in 5-level paging mode crashes in a small percentage
+of cases if KASLR is enabled.
+
+This issue was tracked down to the case when the kernel image unpacks in a
+way that it crosses an 1G boundary. The crash is caused by an overrun of
+the PMD page table in __startup_64() and corruption of P4D page table
+allocated next to it. This particular issue is not visible with 4-level
+paging as P4D page tables are not used.
+
+But the P4D and the PUD calculation have similar problems.
+
+The PMD index calculation is wrong due to operator precedence, which fails
+to confine the PMDs in the PMD array on wrap around.
+
+The P4D calculation for 5-level paging and the PUD calculation calculate
+the first index correctly, but then blindly increment it which causes the
+same issue when a kernel image is located across a 512G and for 5-level
+paging across a 46T boundary.
+
+This wrap around mishandling was introduced when these parts moved from
+assembly to C.
+
+Restore it to the correct behaviour.
+
+Fixes: c88d71508e36 ("x86/boot/64: Rewrite startup_64() in C")
+Signed-off-by: Kirill A. Shutemov
+Signed-off-by: Thomas Gleixner
+Cc: Borislav Petkov
+Cc: "H. Peter Anvin"
+Cc: Dave Hansen
+Cc: Andy Lutomirski
+Cc: Peter Zijlstra
+Link: https://lkml.kernel.org/r/20190620112345.28833-1-kirill.shutemov@linux.intel.com
+Signed-off-by: Sasha Levin
+---
+ arch/x86/kernel/head64.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
+index 45b5c6c4a55e..7c67d8939f3e 100644
+--- a/arch/x86/kernel/head64.c
++++ b/arch/x86/kernel/head64.c
+@@ -117,26 +117,27 @@ unsigned long __head __startup_64(unsigned long physaddr,
+ pgd[i + 0] = (pgdval_t)p4d + pgtable_flags;
+ pgd[i + 1] = (pgdval_t)p4d + pgtable_flags;
+
+- i = (physaddr >> P4D_SHIFT) % PTRS_PER_P4D;
+- p4d[i + 0] = (pgdval_t)pud + pgtable_flags;
+- p4d[i + 1] = (pgdval_t)pud + pgtable_flags;
++ i = physaddr >> P4D_SHIFT;
++ p4d[(i + 0) % PTRS_PER_P4D] = (pgdval_t)pud + pgtable_flags;
++ p4d[(i + 1) % PTRS_PER_P4D] = (pgdval_t)pud + pgtable_flags;
+ } else {
+ i = (physaddr >> PGDIR_SHIFT) % PTRS_PER_PGD;
+ pgd[i + 0] = (pgdval_t)pud + pgtable_flags;
+ pgd[i + 1] = (pgdval_t)pud + pgtable_flags;
+ }
+
+- i = (physaddr >> PUD_SHIFT) % PTRS_PER_PUD;
+- pud[i + 0] = (pudval_t)pmd + pgtable_flags;
+- pud[i + 1] = (pudval_t)pmd + pgtable_flags;
++ i = physaddr >> PUD_SHIFT;
++ pud[(i + 0) % PTRS_PER_PUD] = (pudval_t)pmd + pgtable_flags;
++ pud[(i + 1) % PTRS_PER_PUD] = (pudval_t)pmd + pgtable_flags;
+
+ pmd_entry = __PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL;
+ pmd_entry += sme_get_me_mask();
+ pmd_entry += physaddr;
+
+ for (i = 0; i < DIV_ROUND_UP(_end - _text, PMD_SIZE); i++) {
+- int idx = i + (physaddr >> PMD_SHIFT) % PTRS_PER_PMD;
+- pmd[idx] = pmd_entry + i * PMD_SIZE;
++ int idx = i + (physaddr >> PMD_SHIFT);
++
++ pmd[idx % PTRS_PER_PMD] = pmd_entry + i * PMD_SIZE;
+ }
+
+ /*
+--
+2.20.1
+
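Review bot: In __startup_64() the context lines `pgd[i + 0]` / `pgd[i + 1]` still use the increment-without-wrap pattern that this change removes for the P4D and PUD tables, so the second store would land past the PGD page if `i` were ever `PTRS_PER_PGD - 1`. That is presumably unreachable for real physical load addresses, but the code does not say so; either index with `pgd[(i + 1) % PTRS_PER_PGD]` for consistency or add a comment stating why the PGD index cannot be the last slot. `int idx` is also assigned from an expression involving the `unsigned long physaddr`; an unsigned type would rule out a negative result from `idx % PTRS_PER_PMD`. The function body continues outside the hunk.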