From: Greg Kroah-Hartman Date: Sun, 24 Feb 2019 13:58:49 +0000 (+0100) Subject: 4.14-stable patches X-Git-Tag: v4.9.161~25 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6ab739cdfdbdb2066ed8f5e61da7aaf4a026b822;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: arc-define-arch_slab_minalign-8.patch arc-u-boot-check-arguments-paranoidly.patch arcv2-enable-unaligned-access-in-early-asm-code.patch drm-i915-fbdev-actually-configure-untiled-displays.patch parisc-fix-ptrace-syscall-number-modification.patch --- diff --git a/queue-4.14/arc-define-arch_slab_minalign-8.patch b/queue-4.14/arc-define-arch_slab_minalign-8.patch new file mode 100644 index 00000000000..7449faea029 --- /dev/null +++ b/queue-4.14/arc-define-arch_slab_minalign-8.patch @@ -0,0 +1,81 @@ +From b6835ea77729e7faf4656ca637ba53f42b8ee3fd Mon Sep 17 00:00:00 2001 +From: Alexey Brodkin +Date: Fri, 8 Feb 2019 13:55:19 +0300 +Subject: ARC: define ARCH_SLAB_MINALIGN = 8 + +From: Alexey Brodkin + +commit b6835ea77729e7faf4656ca637ba53f42b8ee3fd upstream. + +The default value of ARCH_SLAB_MINALIGN in "include/linux/slab.h" is +"__alignof__(unsigned long long)" which for ARC unexpectedly turns out +to be 4. This is not a compiler bug, but as defined by ARC ABI [1] + +Thus slab allocator would allocate a struct which is 32-bit aligned, +which is generally OK even if struct has long long members. +There was however potetial problem when it had any atomic64_t which +use LLOCKD/SCONDD instructions which are required by ISA to take +64-bit addresses. This is the problem we ran into + +[ 4.015732] EXT4-fs (mmcblk0p2): re-mounted. Opts: (null) +[ 4.167881] Misaligned Access +[ 4.172356] Path: /bin/busybox.nosuid +[ 4.176004] CPU: 2 PID: 171 Comm: rm Not tainted 4.19.14-yocto-standard #1 +[ 4.182851] +[ 4.182851] [ECR ]: 0x000d0000 => Check Programmer's Manual +[ 4.190061] [EFA ]: 0xbeaec3fc +[ 4.190061] [BLINK ]: ext4_delete_entry+0x210/0x234 +[ 4.190061] [ERET ]: ext4_delete_entry+0x13e/0x234 +[ 4.202985] [STAT32]: 0x80080002 : IE K +[ 4.207236] BTA: 0x9009329c SP: 0xbe5b1ec4 FP: 0x00000000 +[ 4.212790] LPS: 0x9074b118 LPE: 0x9074b120 LPC: 0x00000000 +[ 4.218348] r00: 0x00000040 r01: 0x00000021 r02: 0x00000001 +... +... +[ 4.270510] Stack Trace: +[ 4.274510] ext4_delete_entry+0x13e/0x234 +[ 4.278695] ext4_rmdir+0xe0/0x238 +[ 4.282187] vfs_rmdir+0x50/0xf0 +[ 4.285492] do_rmdir+0x9e/0x154 +[ 4.288802] EV_Trap+0x110/0x114 + +The fix is to make sure slab allocations are 64-bit aligned. + +Do note that atomic64_t is __attribute__((aligned(8)) which means gcc +does generate 64-bit aligned references, relative to beginning of +container struct. However the issue is if the container itself is not +64-bit aligned, atomic64_t ends up unaligned which is what this patch +ensures. + +[1] https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/wiki/files/ARCv2_ABI.pdf + +Signed-off-by: Alexey Brodkin +Cc: # 4.8+ +Signed-off-by: Vineet Gupta +[vgupta: reworked changelog, added dependency on LL64+LLSC] +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arc/include/asm/cache.h | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/arch/arc/include/asm/cache.h ++++ b/arch/arc/include/asm/cache.h +@@ -52,6 +52,17 @@ + #define cache_line_size() SMP_CACHE_BYTES + #define ARCH_DMA_MINALIGN SMP_CACHE_BYTES + ++/* ++ * Make sure slab-allocated buffers are 64-bit aligned when atomic64_t uses ++ * ARCv2 64-bit atomics (LLOCKD/SCONDD). This guarantess runtime 64-bit ++ * alignment for any atomic64_t embedded in buffer. ++ * Default ARCH_SLAB_MINALIGN is __alignof__(long long) which has a relaxed ++ * value of 4 (and not 8) in ARC ABI. ++ */ ++#if defined(CONFIG_ARC_HAS_LL64) && defined(CONFIG_ARC_HAS_LLSC) ++#define ARCH_SLAB_MINALIGN 8 ++#endif ++ + extern void arc_cache_init(void); + extern char *arc_cache_mumbojumbo(int cpu_id, char *buf, int len); + extern void read_decode_cache_bcr(void); diff --git a/queue-4.14/arc-u-boot-check-arguments-paranoidly.patch b/queue-4.14/arc-u-boot-check-arguments-paranoidly.patch new file mode 100644 index 00000000000..8f36b4a2a5e --- /dev/null +++ b/queue-4.14/arc-u-boot-check-arguments-paranoidly.patch @@ -0,0 +1,160 @@ +From a66f2e57bd566240d8b3884eedf503928fbbe557 Mon Sep 17 00:00:00 2001 +From: Eugeniy Paltsev +Date: Thu, 14 Feb 2019 18:07:44 +0300 +Subject: ARC: U-boot: check arguments paranoidly + +From: Eugeniy Paltsev + +commit a66f2e57bd566240d8b3884eedf503928fbbe557 upstream. + +Handle U-boot arguments paranoidly: + * don't allow to pass unknown tag. + * try to use external device tree blob only if corresponding tag + (TAG_DTB) is set. + * don't check uboot_tag if kernel build with no ARC_UBOOT_SUPPORT. + +NOTE: +If U-boot args are invalid we skip them and try to use embedded device +tree blob. We can't panic on invalid U-boot args as we really pass +invalid args due to bug in U-boot code. +This happens if we don't provide external DTB to U-boot and +don't set 'bootargs' U-boot environment variable (which is default +case at least for HSDK board) In that case we will pass +{r0 = 1 (bootargs in r2); r1 = 0; r2 = 0;} to linux which is invalid. + +While I'm at it refactor U-boot arguments handling code. + +Cc: stable@vger.kernel.org +Tested-by: Corentin LABBE +Signed-off-by: Eugeniy Paltsev +Signed-off-by: Vineet Gupta +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arc/kernel/head.S | 4 +- + arch/arc/kernel/setup.c | 89 +++++++++++++++++++++++++++++++++--------------- + 2 files changed, 65 insertions(+), 28 deletions(-) + +--- a/arch/arc/kernel/head.S ++++ b/arch/arc/kernel/head.S +@@ -103,9 +103,9 @@ ENTRY(stext) + #ifdef CONFIG_ARC_UBOOT_SUPPORT + ; Uboot - kernel ABI + ; r0 = [0] No uboot interaction, [1] cmdline in r2, [2] DTB in r2 +- ; r1 = magic number (board identity, unused as of now ++ ; r1 = magic number (always zero as of now) + ; r2 = pointer to uboot provided cmdline or external DTB in mem +- ; These are handled later in setup_arch() ++ ; These are handled later in handle_uboot_args() + st r0, [@uboot_tag] + st r2, [@uboot_arg] + #endif +--- a/arch/arc/kernel/setup.c ++++ b/arch/arc/kernel/setup.c +@@ -414,43 +414,80 @@ void setup_processor(void) + arc_chk_core_config(); + } + +-static inline int is_kernel(unsigned long addr) ++static inline bool uboot_arg_invalid(unsigned long addr) + { +- if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end) +- return 1; +- return 0; ++ /* ++ * Check that it is a untranslated address (although MMU is not enabled ++ * yet, it being a high address ensures this is not by fluke) ++ */ ++ if (addr < PAGE_OFFSET) ++ return true; ++ ++ /* Check that address doesn't clobber resident kernel image */ ++ return addr >= (unsigned long)_stext && addr <= (unsigned long)_end; + } + +-void __init setup_arch(char **cmdline_p) ++#define IGNORE_ARGS "Ignore U-boot args: " ++ ++/* uboot_tag values for U-boot - kernel ABI revision 0; see head.S */ ++#define UBOOT_TAG_NONE 0 ++#define UBOOT_TAG_CMDLINE 1 ++#define UBOOT_TAG_DTB 2 ++ ++void __init handle_uboot_args(void) + { ++ bool use_embedded_dtb = true; ++ bool append_cmdline = false; ++ + #ifdef CONFIG_ARC_UBOOT_SUPPORT +- /* make sure that uboot passed pointer to cmdline/dtb is valid */ +- if (uboot_tag && is_kernel((unsigned long)uboot_arg)) +- panic("Invalid uboot arg\n"); +- +- /* See if u-boot passed an external Device Tree blob */ +- machine_desc = setup_machine_fdt(uboot_arg); /* uboot_tag == 2 */ +- if (!machine_desc) ++ /* check that we know this tag */ ++ if (uboot_tag != UBOOT_TAG_NONE && ++ uboot_tag != UBOOT_TAG_CMDLINE && ++ uboot_tag != UBOOT_TAG_DTB) { ++ pr_warn(IGNORE_ARGS "invalid uboot tag: '%08x'\n", uboot_tag); ++ goto ignore_uboot_args; ++ } ++ ++ if (uboot_tag != UBOOT_TAG_NONE && ++ uboot_arg_invalid((unsigned long)uboot_arg)) { ++ pr_warn(IGNORE_ARGS "invalid uboot arg: '%px'\n", uboot_arg); ++ goto ignore_uboot_args; ++ } ++ ++ /* see if U-boot passed an external Device Tree blob */ ++ if (uboot_tag == UBOOT_TAG_DTB) { ++ machine_desc = setup_machine_fdt((void *)uboot_arg); ++ ++ /* external Device Tree blob is invalid - use embedded one */ ++ use_embedded_dtb = !machine_desc; ++ } ++ ++ if (uboot_tag == UBOOT_TAG_CMDLINE) ++ append_cmdline = true; ++ ++ignore_uboot_args: + #endif +- { +- /* No, so try the embedded one */ ++ ++ if (use_embedded_dtb) { + machine_desc = setup_machine_fdt(__dtb_start); + if (!machine_desc) + panic("Embedded DT invalid\n"); ++ } + +- /* +- * If we are here, it is established that @uboot_arg didn't +- * point to DT blob. Instead if u-boot says it is cmdline, +- * append to embedded DT cmdline. +- * setup_machine_fdt() would have populated @boot_command_line +- */ +- if (uboot_tag == 1) { +- /* Ensure a whitespace between the 2 cmdlines */ +- strlcat(boot_command_line, " ", COMMAND_LINE_SIZE); +- strlcat(boot_command_line, uboot_arg, +- COMMAND_LINE_SIZE); +- } ++ /* ++ * NOTE: @boot_command_line is populated by setup_machine_fdt() so this ++ * append processing can only happen after. ++ */ ++ if (append_cmdline) { ++ /* Ensure a whitespace between the 2 cmdlines */ ++ strlcat(boot_command_line, " ", COMMAND_LINE_SIZE); ++ strlcat(boot_command_line, uboot_arg, COMMAND_LINE_SIZE); + } ++} ++ ++void __init setup_arch(char **cmdline_p) ++{ ++ handle_uboot_args(); + + /* Save unparsed command line copy for /proc/cmdline */ + *cmdline_p = boot_command_line; diff --git a/queue-4.14/arcv2-enable-unaligned-access-in-early-asm-code.patch b/queue-4.14/arcv2-enable-unaligned-access-in-early-asm-code.patch new file mode 100644 index 00000000000..880ac825c26 --- /dev/null +++ b/queue-4.14/arcv2-enable-unaligned-access-in-early-asm-code.patch @@ -0,0 +1,49 @@ +From 252f6e8eae909bc075a1b1e3b9efb095ae4c0b56 Mon Sep 17 00:00:00 2001 +From: Eugeniy Paltsev +Date: Wed, 16 Jan 2019 14:29:50 +0300 +Subject: ARCv2: Enable unaligned access in early ASM code + +From: Eugeniy Paltsev + +commit 252f6e8eae909bc075a1b1e3b9efb095ae4c0b56 upstream. + +It is currently done in arc_init_IRQ() which might be too late +considering gcc 7.3.1 onwards (GNU 2018.03) generates unaligned +memory accesses by default + +Cc: stable@vger.kernel.org #4.4+ +Signed-off-by: Eugeniy Paltsev +Signed-off-by: Vineet Gupta +[vgupta: rewrote changelog] +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arc/kernel/head.S | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/arch/arc/kernel/head.S ++++ b/arch/arc/kernel/head.S +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + + .macro CPU_EARLY_SETUP + +@@ -47,6 +48,15 @@ + sr r5, [ARC_REG_DC_CTRL] + + 1: ++ ++#ifdef CONFIG_ISA_ARCV2 ++ ; Unaligned access is disabled at reset, so re-enable early as ++ ; gcc 7.3.1 (ARC GNU 2018.03) onwards generates unaligned access ++ ; by default ++ lr r5, [status32] ++ bset r5, r5, STATUS_AD_BIT ++ kflag r5 ++#endif + .endm + + .section .init.text, "ax",@progbits diff --git a/queue-4.14/drm-i915-fbdev-actually-configure-untiled-displays.patch b/queue-4.14/drm-i915-fbdev-actually-configure-untiled-displays.patch new file mode 100644 index 00000000000..51f6a5e796e --- /dev/null +++ b/queue-4.14/drm-i915-fbdev-actually-configure-untiled-displays.patch @@ -0,0 +1,76 @@ +From d179b88deb3bf6fed4991a31fd6f0f2cad21fab5 Mon Sep 17 00:00:00 2001 +From: Chris Wilson +Date: Fri, 15 Feb 2019 12:30:19 +0000 +Subject: drm/i915/fbdev: Actually configure untiled displays + +From: Chris Wilson + +commit d179b88deb3bf6fed4991a31fd6f0f2cad21fab5 upstream. + +If we skipped all the connectors that were not part of a tile, we would +leave conn_seq=0 and conn_configured=0, convincing ourselves that we +had stagnated in our configuration attempts. Avoid this situation by +starting conn_seq=ALL_CONNECTORS, and repeating until we find no more +connectors to configure. + +Fixes: 754a76591b12 ("drm/i915/fbdev: Stop repeating tile configuration on stagnation") +Reported-by: Maarten Lankhorst +Signed-off-by: Chris Wilson +Cc: Maarten Lankhorst +Reviewed-by: Maarten Lankhorst +Link: https://patchwork.freedesktop.org/patch/msgid/20190215123019.32283-1-chris@chris-wilson.co.uk +Cc: # v3.19+ +(cherry picked from commit d9b308b1f8a1acc0c3279f443d4fe0f9f663252e) +Signed-off-by: Jani Nikula +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/i915/intel_fbdev.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/drivers/gpu/drm/i915/intel_fbdev.c ++++ b/drivers/gpu/drm/i915/intel_fbdev.c +@@ -326,8 +326,8 @@ static bool intel_fb_initial_config(stru + bool *enabled, int width, int height) + { + struct drm_i915_private *dev_priv = to_i915(fb_helper->dev); +- unsigned long conn_configured, conn_seq, mask; + unsigned int count = min(fb_helper->connector_count, BITS_PER_LONG); ++ unsigned long conn_configured, conn_seq; + int i, j; + bool *save_enabled; + bool fallback = true, ret = true; +@@ -345,10 +345,9 @@ static bool intel_fb_initial_config(stru + drm_modeset_backoff(&ctx); + + memcpy(save_enabled, enabled, count); +- mask = GENMASK(count - 1, 0); ++ conn_seq = GENMASK(count - 1, 0); + conn_configured = 0; + retry: +- conn_seq = conn_configured; + for (i = 0; i < count; i++) { + struct drm_fb_helper_connector *fb_conn; + struct drm_connector *connector; +@@ -361,7 +360,8 @@ retry: + if (conn_configured & BIT(i)) + continue; + +- if (conn_seq == 0 && !connector->has_tile) ++ /* First pass, only consider tiled connectors */ ++ if (conn_seq == GENMASK(count - 1, 0) && !connector->has_tile) + continue; + + if (connector->status == connector_status_connected) +@@ -465,8 +465,10 @@ retry: + conn_configured |= BIT(i); + } + +- if ((conn_configured & mask) != mask && conn_configured != conn_seq) ++ if (conn_configured != conn_seq) { /* repeat until no more are found */ ++ conn_seq = conn_configured; + goto retry; ++ } + + /* + * If the BIOS didn't enable everything it could, fall back to have the diff --git a/queue-4.14/parisc-fix-ptrace-syscall-number-modification.patch b/queue-4.14/parisc-fix-ptrace-syscall-number-modification.patch new file mode 100644 index 00000000000..cee5289d517 --- /dev/null +++ b/queue-4.14/parisc-fix-ptrace-syscall-number-modification.patch @@ -0,0 +1,91 @@ +From b7dc5a071ddf69c0350396b203cba32fe5bab510 Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Sat, 16 Feb 2019 16:10:39 +0300 +Subject: parisc: Fix ptrace syscall number modification + +From: Dmitry V. Levin + +commit b7dc5a071ddf69c0350396b203cba32fe5bab510 upstream. + +Commit 910cd32e552e ("parisc: Fix and enable seccomp filter support") +introduced a regression in ptrace-based syscall tampering: when tracer +changes syscall number to -1, the kernel fails to initialize %r28 with +-ENOSYS and subsequently fails to return the error code of the failed +syscall to userspace. + +This erroneous behaviour could be observed with a simple strace syscall +fault injection command which is expected to print something like this: + +$ strace -a0 -ewrite -einject=write:error=enospc echo hello +write(1, "hello\n", 6) = -1 ENOSPC (No space left on device) (INJECTED) +write(2, "echo: ", 6) = -1 ENOSPC (No space left on device) (INJECTED) +write(2, "write error", 11) = -1 ENOSPC (No space left on device) (INJECTED) +write(2, "\n", 1) = -1 ENOSPC (No space left on device) (INJECTED) ++++ exited with 1 +++ + +After commit 910cd32e552ea09caa89cdbe328e468979b030dd it loops printing +something like this instead: + +write(1, "hello\n", 6../strace: Failed to tamper with process 12345: unexpectedly got no error (return value 0, error 0) +) = 0 (INJECTED) + +This bug was found by strace test suite. + +Fixes: 910cd32e552e ("parisc: Fix and enable seccomp filter support") +Cc: stable@vger.kernel.org # v4.5+ +Signed-off-by: Dmitry V. Levin +Tested-by: Helge Deller +Signed-off-by: Helge Deller +Signed-off-by: Greg Kroah-Hartman + +--- + arch/parisc/kernel/ptrace.c | 29 +++++++++++++++++++++-------- + 1 file changed, 21 insertions(+), 8 deletions(-) + +--- a/arch/parisc/kernel/ptrace.c ++++ b/arch/parisc/kernel/ptrace.c +@@ -312,15 +312,29 @@ long compat_arch_ptrace(struct task_stru + + long do_syscall_trace_enter(struct pt_regs *regs) + { +- if (test_thread_flag(TIF_SYSCALL_TRACE) && +- tracehook_report_syscall_entry(regs)) { ++ if (test_thread_flag(TIF_SYSCALL_TRACE)) { ++ int rc = tracehook_report_syscall_entry(regs); ++ + /* +- * Tracing decided this syscall should not happen or the +- * debugger stored an invalid system call number. Skip +- * the system call and the system call restart handling. ++ * As tracesys_next does not set %r28 to -ENOSYS ++ * when %r20 is set to -1, initialize it here. + */ +- regs->gr[20] = -1UL; +- goto out; ++ regs->gr[28] = -ENOSYS; ++ ++ if (rc) { ++ /* ++ * A nonzero return code from ++ * tracehook_report_syscall_entry() tells us ++ * to prevent the syscall execution. Skip ++ * the syscall call and the syscall restart handling. ++ * ++ * Note that the tracer may also just change ++ * regs->gr[20] to an invalid syscall number, ++ * that is handled by tracesys_next. ++ */ ++ regs->gr[20] = -1UL; ++ return -1; ++ } + } + + /* Do the secure computing check after ptrace. */ +@@ -344,7 +358,6 @@ long do_syscall_trace_enter(struct pt_re + regs->gr[24] & 0xffffffff, + regs->gr[23] & 0xffffffff); + +-out: + /* + * Sign extend the syscall number to 64bit since it may have been + * modified by a compat ptrace call diff --git a/queue-4.14/series b/queue-4.14/series index 4e5c1c3d27a..732ce6de98e 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -55,3 +55,8 @@ inet_diag-fix-reporting-cgroup-classid-and-fallback-to-priority.patch rdma-srp-rework-scsi-device-reset-handling.patch keys-user-align-the-payload-buffer.patch keys-always-initialize-keyring_index_key-desc_len.patch +parisc-fix-ptrace-syscall-number-modification.patch +arcv2-enable-unaligned-access-in-early-asm-code.patch +arc-u-boot-check-arguments-paranoidly.patch +arc-define-arch_slab_minalign-8.patch +drm-i915-fbdev-actually-configure-untiled-displays.patch