From: Greg Kroah-Hartman Date: Tue, 4 Jun 2019 09:35:20 +0000 (+0200) Subject: 5.1-stable patches X-Git-Tag: v5.1.8~43 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=731fa5a3782b1773842d407f3e3245348ec40cdf;p=thirdparty%2Fkernel%2Fstable-queue.git 5.1-stable patches added patches: alsa-hda-realtek-improve-the-headset-mic-for-acer-aspire-laptops.patch alsa-hda-realtek-set-default-power-save-node-to-0.patch alsa-line6-assure-canceling-delayed-work-at-disconnection.patch iio-adc-ads124-avoid-buffer-overflow.patch iio-adc-modify-npcm-adc-read-reference-voltage.patch iio-adc-ti-ads8688-fix-timestamp-is-not-updated-in-buffer.patch iio-dac-ds4422-ds4424-fix-chip-verification.patch kvm-ppc-book3s-hv-fix-lockdep-warning-when-entering-guest-on-power9.patch kvm-ppc-book3s-hv-restore-sprg3-in-kvmhv_p9_guest_entry.patch kvm-ppc-book3s-hv-xive-do-not-clear-irq-data-of-passthrough-interrupts.patch powerpc-kexec-fix-loading-of-kernel-initramfs-with-kexec_file_load.patch powerpc-perf-fix-mmcra-corruption-by-bhrb_filter.patch s390-crypto-fix-gcm-aes-s390-selftest-failures.patch s390-crypto-fix-possible-sleep-during-spinlock-aquired.patch --- diff --git a/queue-5.1/alsa-hda-realtek-improve-the-headset-mic-for-acer-aspire-laptops.patch b/queue-5.1/alsa-hda-realtek-improve-the-headset-mic-for-acer-aspire-laptops.patch new file mode 100644 index 00000000000..e123e1eff9d --- /dev/null +++ b/queue-5.1/alsa-hda-realtek-improve-the-headset-mic-for-acer-aspire-laptops.patch @@ -0,0 +1,68 @@ +From 9cb40eb184c4220d244a532bd940c6345ad9dbd9 Mon Sep 17 00:00:00 2001 +From: Hui Wang +Date: Wed, 29 May 2019 12:41:38 +0800 +Subject: ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops + +From: Hui Wang + +commit 9cb40eb184c4220d244a532bd940c6345ad9dbd9 upstream. + +We met another Acer Aspire laptop which has the problem on the +headset-mic, the Pin 0x19 is not set the corret configuration for a +mic and the pin presence can't be detected too after plugging a +headset. Kailang suggested that we should set the coeff to enable the +mic and apply the ALC269_FIXUP_LIFEBOOK_EXTMIC. After doing that, +both headset-mic presence and headset-mic work well. + +The existing ALC255_FIXUP_ACER_MIC_NO_PRESENCE set the headset-mic +jack to be a phantom jack. Now since the jack can support presence +unsol event, let us imporve it to set the jack to be a normal jack. + +https://bugs.launchpad.net/bugs/1821269 +Fixes: 5824ce8de7b1c ("ALSA: hda/realtek - Add support for Acer Aspire E5-475 headset mic") +Cc: Chris Chiu +CC: Daniel Drake +Cc: +Signed-off-by: Kailang Yang +Signed-off-by: Hui Wang +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6166,13 +6166,15 @@ static const struct hda_fixup alc269_fix + .chain_id = ALC269_FIXUP_THINKPAD_ACPI, + }, + [ALC255_FIXUP_ACER_MIC_NO_PRESENCE] = { +- .type = HDA_FIXUP_PINS, +- .v.pins = (const struct hda_pintbl[]) { +- { 0x19, 0x01a1913c }, /* use as headset mic, without its own jack detect */ +- { } ++ .type = HDA_FIXUP_VERBS, ++ .v.verbs = (const struct hda_verb[]) { ++ /* Enable the Mic */ ++ { 0x20, AC_VERB_SET_COEF_INDEX, 0x45 }, ++ { 0x20, AC_VERB_SET_PROC_COEF, 0x5089 }, ++ {} + }, + .chained = true, +- .chain_id = ALC255_FIXUP_HEADSET_MODE ++ .chain_id = ALC269_FIXUP_LIFEBOOK_EXTMIC + }, + [ALC255_FIXUP_ASUS_MIC_NO_PRESENCE] = { + .type = HDA_FIXUP_PINS, +@@ -7218,6 +7220,10 @@ static const struct snd_hda_pin_quirk al + {0x19, 0x0181303F}, + {0x21, 0x0221102f}), + SND_HDA_PIN_QUIRK(0x10ec0255, 0x1025, "Acer", ALC255_FIXUP_ACER_MIC_NO_PRESENCE, ++ {0x12, 0x90a60140}, ++ {0x14, 0x90170120}, ++ {0x21, 0x02211030}), ++ SND_HDA_PIN_QUIRK(0x10ec0255, 0x1025, "Acer", ALC255_FIXUP_ACER_MIC_NO_PRESENCE, + {0x12, 0x90a601c0}, + {0x14, 0x90171120}, + {0x21, 0x02211030}), diff --git a/queue-5.1/alsa-hda-realtek-set-default-power-save-node-to-0.patch b/queue-5.1/alsa-hda-realtek-set-default-power-save-node-to-0.patch new file mode 100644 index 00000000000..12fa01b1a74 --- /dev/null +++ b/queue-5.1/alsa-hda-realtek-set-default-power-save-node-to-0.patch @@ -0,0 +1,36 @@ +From 317d9313925cd8388304286c0d3c8dda7f060a2d Mon Sep 17 00:00:00 2001 +From: Kailang Yang +Date: Thu, 23 May 2019 14:43:04 +0800 +Subject: ALSA: hda/realtek - Set default power save node to 0 + +From: Kailang Yang + +commit 317d9313925cd8388304286c0d3c8dda7f060a2d upstream. + +I measured power consumption between power_save_node=1 and power_save_node=0. +It's almost the same. +Codec will enter to runtime suspend and suspend. +That pin also will enter to D3. Don't need to enter to D3 by single pin. +So, Disable power_save_node as default. It will avoid more issues. +Windows Driver also has not this option at runtime PM. + +Signed-off-by: Kailang Yang +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -7654,7 +7654,7 @@ static int patch_alc269(struct hda_codec + + spec = codec->spec; + spec->gen.shared_mic_vref_pin = 0x18; +- codec->power_save_node = 1; ++ codec->power_save_node = 0; + + #ifdef CONFIG_PM + codec->patch_ops.suspend = alc269_suspend; diff --git a/queue-5.1/alsa-line6-assure-canceling-delayed-work-at-disconnection.patch b/queue-5.1/alsa-line6-assure-canceling-delayed-work-at-disconnection.patch new file mode 100644 index 00000000000..ee2f4d47d9a --- /dev/null +++ b/queue-5.1/alsa-line6-assure-canceling-delayed-work-at-disconnection.patch @@ -0,0 +1,142 @@ +From 0b074ab7fc0d575247b9cc9f93bb7e007ca38840 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Tue, 28 May 2019 08:39:44 +0200 +Subject: ALSA: line6: Assure canceling delayed work at disconnection + +From: Takashi Iwai + +commit 0b074ab7fc0d575247b9cc9f93bb7e007ca38840 upstream. + +The current code performs the cancel of a delayed work at the late +stage of disconnection procedure, which may lead to the access to the +already cleared state. + +This patch assures to call cancel_delayed_work_sync() at the beginning +of the disconnection procedure for avoiding that race. The delayed +work object is now assigned in the common line6 object instead of its +derivative, so that we can call cancel_delayed_work_sync(). + +Along with the change, the startup function is called via the new +callback instead. This will make it easier to port other LINE6 +drivers to use the delayed work for startup in later patches. + +Reported-by: syzbot+5255458d5e0a2b10bbb9@syzkaller.appspotmail.com +Fixes: 7f84ff68be05 ("ALSA: line6: toneport: Fix broken usage of timer for delayed execution") +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/usb/line6/driver.c | 12 ++++++++++++ + sound/usb/line6/driver.h | 4 ++++ + sound/usb/line6/toneport.c | 15 +++------------ + 3 files changed, 19 insertions(+), 12 deletions(-) + +--- a/sound/usb/line6/driver.c ++++ b/sound/usb/line6/driver.c +@@ -720,6 +720,15 @@ static int line6_init_cap_control(struct + return 0; + } + ++static void line6_startup_work(struct work_struct *work) ++{ ++ struct usb_line6 *line6 = ++ container_of(work, struct usb_line6, startup_work.work); ++ ++ if (line6->startup) ++ line6->startup(line6); ++} ++ + /* + Probe USB device. + */ +@@ -755,6 +764,7 @@ int line6_probe(struct usb_interface *in + line6->properties = properties; + line6->usbdev = usbdev; + line6->ifcdev = &interface->dev; ++ INIT_DELAYED_WORK(&line6->startup_work, line6_startup_work); + + strcpy(card->id, properties->id); + strcpy(card->driver, driver_name); +@@ -825,6 +835,8 @@ void line6_disconnect(struct usb_interfa + if (WARN_ON(usbdev != line6->usbdev)) + return; + ++ cancel_delayed_work(&line6->startup_work); ++ + if (line6->urb_listen != NULL) + line6_stop_listen(line6); + +--- a/sound/usb/line6/driver.h ++++ b/sound/usb/line6/driver.h +@@ -178,11 +178,15 @@ struct usb_line6 { + fifo; + } messages; + ++ /* Work for delayed PCM startup */ ++ struct delayed_work startup_work; ++ + /* If MIDI is supported, buffer_message contains the pre-processed data; + * otherwise the data is only in urb_listen (buffer_incoming). + */ + void (*process_message)(struct usb_line6 *); + void (*disconnect)(struct usb_line6 *line6); ++ void (*startup)(struct usb_line6 *line6); + }; + + extern char *line6_alloc_sysex_buffer(struct usb_line6 *line6, int code1, +--- a/sound/usb/line6/toneport.c ++++ b/sound/usb/line6/toneport.c +@@ -54,9 +54,6 @@ struct usb_line6_toneport { + /* Firmware version (x 100) */ + u8 firmware_version; + +- /* Work for delayed PCM startup */ +- struct delayed_work pcm_work; +- + /* Device type */ + enum line6_device_type type; + +@@ -241,12 +238,8 @@ static int snd_toneport_source_put(struc + return 1; + } + +-static void toneport_start_pcm(struct work_struct *work) ++static void toneport_startup(struct usb_line6 *line6) + { +- struct usb_line6_toneport *toneport = +- container_of(work, struct usb_line6_toneport, pcm_work.work); +- struct usb_line6 *line6 = &toneport->line6; +- + line6_pcm_acquire(line6->line6pcm, LINE6_STREAM_MONITOR, true); + } + +@@ -394,7 +387,7 @@ static int toneport_setup(struct usb_lin + if (toneport_has_led(toneport)) + toneport_update_led(toneport); + +- schedule_delayed_work(&toneport->pcm_work, ++ schedule_delayed_work(&toneport->line6.startup_work, + msecs_to_jiffies(TONEPORT_PCM_DELAY * 1000)); + return 0; + } +@@ -407,8 +400,6 @@ static void line6_toneport_disconnect(st + struct usb_line6_toneport *toneport = + (struct usb_line6_toneport *)line6; + +- cancel_delayed_work_sync(&toneport->pcm_work); +- + if (toneport_has_led(toneport)) + toneport_remove_leds(toneport); + } +@@ -424,9 +415,9 @@ static int toneport_init(struct usb_line + struct usb_line6_toneport *toneport = (struct usb_line6_toneport *) line6; + + toneport->type = id->driver_info; +- INIT_DELAYED_WORK(&toneport->pcm_work, toneport_start_pcm); + + line6->disconnect = line6_toneport_disconnect; ++ line6->startup = toneport_startup; + + /* initialize PCM subsystem: */ + err = line6_init_pcm(line6, &toneport_pcm_properties); diff --git a/queue-5.1/iio-adc-ads124-avoid-buffer-overflow.patch b/queue-5.1/iio-adc-ads124-avoid-buffer-overflow.patch new file mode 100644 index 00000000000..5061260b2d7 --- /dev/null +++ b/queue-5.1/iio-adc-ads124-avoid-buffer-overflow.patch @@ -0,0 +1,38 @@ +From 0db8aa49a97e7f40852a64fd35abcc1292a7c365 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= +Date: Sun, 31 Mar 2019 20:54:23 +0200 +Subject: iio: adc: ads124: avoid buffer overflow +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Vincent Stehlé + +commit 0db8aa49a97e7f40852a64fd35abcc1292a7c365 upstream. + +When initializing the priv->data array starting from index 1, there is one +less element to consider than when initializing the full array. + +Fixes: e717f8c6dfec8f76 ("iio: adc: Add the TI ads124s08 ADC code") +Signed-off-by: Vincent Stehlé +Reviewed-by: Mukesh Ojha +Reviewed-by: Dan Murphy +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iio/adc/ti-ads124s08.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iio/adc/ti-ads124s08.c ++++ b/drivers/iio/adc/ti-ads124s08.c +@@ -202,7 +202,7 @@ static int ads124s_read(struct iio_dev * + }; + + priv->data[0] = ADS124S08_CMD_RDATA; +- memset(&priv->data[1], ADS124S08_CMD_NOP, sizeof(priv->data)); ++ memset(&priv->data[1], ADS124S08_CMD_NOP, sizeof(priv->data) - 1); + + ret = spi_sync_transfer(priv->spi, t, ARRAY_SIZE(t)); + if (ret < 0) diff --git a/queue-5.1/iio-adc-modify-npcm-adc-read-reference-voltage.patch b/queue-5.1/iio-adc-modify-npcm-adc-read-reference-voltage.patch new file mode 100644 index 00000000000..b67ce39d226 --- /dev/null +++ b/queue-5.1/iio-adc-modify-npcm-adc-read-reference-voltage.patch @@ -0,0 +1,33 @@ +From 4e63ed6b90803eeb400c392e9ff493200d926b06 Mon Sep 17 00:00:00 2001 +From: Tomer Maimon +Date: Sun, 7 Apr 2019 11:19:28 +0300 +Subject: iio: adc: modify NPCM ADC read reference voltage + +From: Tomer Maimon + +commit 4e63ed6b90803eeb400c392e9ff493200d926b06 upstream. + +Checking if regulator is valid before reading +NPCM ADC regulator voltage to avoid system crash +in a case the regulator is not valid. + +Signed-off-by: Tomer Maimon +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iio/adc/npcm_adc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iio/adc/npcm_adc.c ++++ b/drivers/iio/adc/npcm_adc.c +@@ -149,7 +149,7 @@ static int npcm_adc_read_raw(struct iio_ + } + return IIO_VAL_INT; + case IIO_CHAN_INFO_SCALE: +- if (info->vref) { ++ if (!IS_ERR(info->vref)) { + vref_uv = regulator_get_voltage(info->vref); + *val = vref_uv / 1000; + } else { diff --git a/queue-5.1/iio-adc-ti-ads8688-fix-timestamp-is-not-updated-in-buffer.patch b/queue-5.1/iio-adc-ti-ads8688-fix-timestamp-is-not-updated-in-buffer.patch new file mode 100644 index 00000000000..960a92895b8 --- /dev/null +++ b/queue-5.1/iio-adc-ti-ads8688-fix-timestamp-is-not-updated-in-buffer.patch @@ -0,0 +1,33 @@ +From e6d12298310fa1dc11f1d747e05b168016057fdd Mon Sep 17 00:00:00 2001 +From: Sean Nyekjaer +Date: Tue, 7 May 2019 10:23:04 +0200 +Subject: iio: adc: ti-ads8688: fix timestamp is not updated in buffer + +From: Sean Nyekjaer + +commit e6d12298310fa1dc11f1d747e05b168016057fdd upstream. + +When using the hrtimer iio trigger timestamp isn't updated. +If we use iio_get_time_ns it is updated correctly. + +Fixes: 2a86487786b5c ("iio: adc: ti-ads8688: add trigger and buffer support") +Signed-off-by: Sean Nyekjaer +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iio/adc/ti-ads8688.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iio/adc/ti-ads8688.c ++++ b/drivers/iio/adc/ti-ads8688.c +@@ -397,7 +397,7 @@ static irqreturn_t ads8688_trigger_handl + } + + iio_push_to_buffers_with_timestamp(indio_dev, buffer, +- pf->timestamp); ++ iio_get_time_ns(indio_dev)); + + iio_trigger_notify_done(indio_dev->trig); + diff --git a/queue-5.1/iio-dac-ds4422-ds4424-fix-chip-verification.patch b/queue-5.1/iio-dac-ds4422-ds4424-fix-chip-verification.patch new file mode 100644 index 00000000000..3d3bd980d9b --- /dev/null +++ b/queue-5.1/iio-dac-ds4422-ds4424-fix-chip-verification.patch @@ -0,0 +1,35 @@ +From 60f2208699ec08ff9fdf1f97639a661a92a18f1c Mon Sep 17 00:00:00 2001 +From: Ruslan Babayev +Date: Sun, 5 May 2019 12:24:37 -0700 +Subject: iio: dac: ds4422/ds4424 fix chip verification + +From: Ruslan Babayev + +commit 60f2208699ec08ff9fdf1f97639a661a92a18f1c upstream. + +The ds4424_get_value function takes channel number as it's 3rd +argument and translates it internally into I2C address using +DS4424_DAC_ADDR macro. The caller ds4424_verify_chip was passing an +already translated I2C address as its last argument. + +Signed-off-by: Ruslan Babayev +Cc: xe-linux-external@cisco.com +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iio/dac/ds4424.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iio/dac/ds4424.c ++++ b/drivers/iio/dac/ds4424.c +@@ -166,7 +166,7 @@ static int ds4424_verify_chip(struct iio + { + int ret, val; + +- ret = ds4424_get_value(indio_dev, &val, DS4424_DAC_ADDR(0)); ++ ret = ds4424_get_value(indio_dev, &val, 0); + if (ret < 0) + dev_err(&indio_dev->dev, + "%s failed. ret: %d\n", __func__, ret); diff --git a/queue-5.1/kvm-ppc-book3s-hv-fix-lockdep-warning-when-entering-guest-on-power9.patch b/queue-5.1/kvm-ppc-book3s-hv-fix-lockdep-warning-when-entering-guest-on-power9.patch new file mode 100644 index 00000000000..c447c7c1603 --- /dev/null +++ b/queue-5.1/kvm-ppc-book3s-hv-fix-lockdep-warning-when-entering-guest-on-power9.patch @@ -0,0 +1,116 @@ +From 1b28d5531e446a87bbefa5ced191c4cbd316576c Mon Sep 17 00:00:00 2001 +From: Paul Mackerras +Date: Tue, 28 May 2019 15:01:59 +1000 +Subject: KVM: PPC: Book3S HV: Fix lockdep warning when entering guest on POWER9 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Paul Mackerras + +commit 1b28d5531e446a87bbefa5ced191c4cbd316576c upstream. + +Commit 3309bec85e60 ("KVM: PPC: Book3S HV: Fix lockdep warning when +entering the guest") moved calls to trace_hardirqs_{on,off} in the +entry path used for HPT guests. Similar code exists in the new +streamlined entry path used for radix guests on POWER9. This makes +the same change there, so as to avoid lockdep warnings such as this: + +[ 228.686461] DEBUG_LOCKS_WARN_ON(current->hardirqs_enabled) +[ 228.686480] WARNING: CPU: 116 PID: 3803 at ../kernel/locking/lockdep.c:4219 check_flags.part.23+0x21c/0x270 +[ 228.686544] Modules linked in: vhost_net vhost xt_CHECKSUM iptable_mangle xt_MASQUERADE iptable_nat nf_nat ++xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipt_REJECT nf_reject_ipv4 tun bridge stp llc ebtable_filter ++ebtables ip6table_filter ip6_tables iptable_filter fuse kvm_hv kvm at24 ipmi_powernv regmap_i2c ipmi_devintf ++uio_pdrv_genirq ofpart ipmi_msghandler uio powernv_flash mtd ibmpowernv opal_prd ip_tables ext4 mbcache jbd2 btrfs ++zstd_decompress zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor ++raid6_pq raid1 raid0 ses sd_mod enclosure scsi_transport_sas ast i2c_opal i2c_algo_bit drm_kms_helper syscopyarea ++sysfillrect sysimgblt fb_sys_fops ttm drm i40e e1000e cxl aacraid tg3 drm_panel_orientation_quirks i2c_core +[ 228.686859] CPU: 116 PID: 3803 Comm: qemu-system-ppc Kdump: loaded Not tainted 5.2.0-rc1-xive+ #42 +[ 228.686911] NIP: c0000000001b394c LR: c0000000001b3948 CTR: c000000000bfad20 +[ 228.686963] REGS: c000200cdb50f570 TRAP: 0700 Not tainted (5.2.0-rc1-xive+) +[ 228.687001] MSR: 9000000002823033 CR: 48222222 XER: 20040000 +[ 228.687060] CFAR: c000000000116db0 IRQMASK: 1 +[ 228.687060] GPR00: c0000000001b3948 c000200cdb50f800 c0000000015e7600 000000000000002e +[ 228.687060] GPR04: 0000000000000001 c0000000001c71a0 000000006e655f73 72727563284e4f5f +[ 228.687060] GPR08: 0000200e60680000 0000000000000000 c000200cdb486180 0000000000000000 +[ 228.687060] GPR12: 0000000000002000 c000200fff61a680 0000000000000000 00007fffb75c0000 +[ 228.687060] GPR16: 0000000000000000 0000000000000000 c0000000017d6900 c000000001124900 +[ 228.687060] GPR20: 0000000000000074 c008000006916f68 0000000000000074 0000000000000074 +[ 228.687060] GPR24: ffffffffffffffff ffffffffffffffff 0000000000000003 c000200d4b600000 +[ 228.687060] GPR28: c000000001627e58 c000000001489908 c000000001627e58 c000000002304de0 +[ 228.687377] NIP [c0000000001b394c] check_flags.part.23+0x21c/0x270 +[ 228.687415] LR [c0000000001b3948] check_flags.part.23+0x218/0x270 +[ 228.687466] Call Trace: +[ 228.687488] [c000200cdb50f800] [c0000000001b3948] check_flags.part.23+0x218/0x270 (unreliable) +[ 228.687542] [c000200cdb50f870] [c0000000001b6548] lock_is_held_type+0x188/0x1c0 +[ 228.687595] [c000200cdb50f8d0] [c0000000001d939c] rcu_read_lock_sched_held+0xdc/0x100 +[ 228.687646] [c000200cdb50f900] [c0000000001dd704] rcu_note_context_switch+0x304/0x340 +[ 228.687701] [c000200cdb50f940] [c0080000068fcc58] kvmhv_run_single_vcpu+0xdb0/0x1120 [kvm_hv] +[ 228.687756] [c000200cdb50fa20] [c0080000068fd5b0] kvmppc_vcpu_run_hv+0x5e8/0xe40 [kvm_hv] +[ 228.687816] [c000200cdb50faf0] [c0080000071797dc] kvmppc_vcpu_run+0x34/0x48 [kvm] +[ 228.687863] [c000200cdb50fb10] [c0080000071755dc] kvm_arch_vcpu_ioctl_run+0x244/0x420 [kvm] +[ 228.687916] [c000200cdb50fba0] [c008000007165ccc] kvm_vcpu_ioctl+0x424/0x838 [kvm] +[ 228.687957] [c000200cdb50fd10] [c000000000433a24] do_vfs_ioctl+0xd4/0xcd0 +[ 228.687995] [c000200cdb50fdb0] [c000000000434724] ksys_ioctl+0x104/0x120 +[ 228.688033] [c000200cdb50fe00] [c000000000434768] sys_ioctl+0x28/0x80 +[ 228.688072] [c000200cdb50fe20] [c00000000000b888] system_call+0x5c/0x70 +[ 228.688109] Instruction dump: +[ 228.688142] 4bf6342d 60000000 0fe00000 e8010080 7c0803a6 4bfffe60 3c82ff87 3c62ff87 +[ 228.688196] 388472d0 3863d738 4bf63405 60000000 <0fe00000> 4bffff4c 3c82ff87 3c62ff87 +[ 228.688251] irq event stamp: 205 +[ 228.688287] hardirqs last enabled at (205): [] kvmhv_run_single_vcpu+0x30c/0x1120 [kvm_hv] +[ 228.688344] hardirqs last disabled at (204): [] kvmhv_run_single_vcpu+0x148/0x1120 [kvm_hv] +[ 228.688412] softirqs last enabled at (180): [] __do_softirq+0x4ac/0x5d4 +[ 228.688464] softirqs last disabled at (169): [] irq_exit+0x1f8/0x210 +[ 228.688513] ---[ end trace eb16f6260022a812 ]--- +[ 228.688548] possible reason: unannotated irqs-off. +[ 228.688571] irq event stamp: 205 +[ 228.688607] hardirqs last enabled at (205): [] kvmhv_run_single_vcpu+0x30c/0x1120 [kvm_hv] +[ 228.688664] hardirqs last disabled at (204): [] kvmhv_run_single_vcpu+0x148/0x1120 [kvm_hv] +[ 228.688719] softirqs last enabled at (180): [] __do_softirq+0x4ac/0x5d4 +[ 228.688758] softirqs last disabled at (169): [] irq_exit+0x1f8/0x210 + +Cc: stable@vger.kernel.org # v4.20+ +Fixes: 95a6432ce903 ("KVM: PPC: Book3S HV: Streamlined guest entry/exit path on P9 for radix guests") +Signed-off-by: Paul Mackerras +Reviewed-by: Cédric Le Goater +Tested-by: Cédric Le Goater +Signed-off-by: Paul Mackerras +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kvm/book3s_hv.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/arch/powerpc/kvm/book3s_hv.c ++++ b/arch/powerpc/kvm/book3s_hv.c +@@ -4048,16 +4048,20 @@ int kvmhv_run_single_vcpu(struct kvm_run + if (cpu_has_feature(CPU_FTR_HVMODE)) + kvmppc_radix_check_need_tlb_flush(kvm, pcpu, nested); + +- trace_hardirqs_on(); + guest_enter_irqoff(); + + srcu_idx = srcu_read_lock(&kvm->srcu); + + this_cpu_disable_ftrace(); + ++ /* Tell lockdep that we're about to enable interrupts */ ++ trace_hardirqs_on(); ++ + trap = kvmhv_p9_guest_entry(vcpu, time_limit, lpcr); + vcpu->arch.trap = trap; + ++ trace_hardirqs_off(); ++ + this_cpu_enable_ftrace(); + + srcu_read_unlock(&kvm->srcu, srcu_idx); +@@ -4067,7 +4071,6 @@ int kvmhv_run_single_vcpu(struct kvm_run + isync(); + } + +- trace_hardirqs_off(); + set_irq_happened(trap); + + kvmppc_set_host_core(pcpu); diff --git a/queue-5.1/kvm-ppc-book3s-hv-restore-sprg3-in-kvmhv_p9_guest_entry.patch b/queue-5.1/kvm-ppc-book3s-hv-restore-sprg3-in-kvmhv_p9_guest_entry.patch new file mode 100644 index 00000000000..e430be5cec3 --- /dev/null +++ b/queue-5.1/kvm-ppc-book3s-hv-restore-sprg3-in-kvmhv_p9_guest_entry.patch @@ -0,0 +1,39 @@ +From d724c9e54939a597592de3659541da11fc7aa112 Mon Sep 17 00:00:00 2001 +From: Suraj Jitindar Singh +Date: Thu, 30 May 2019 12:17:18 +1000 +Subject: KVM: PPC: Book3S HV: Restore SPRG3 in kvmhv_p9_guest_entry() + +From: Suraj Jitindar Singh + +commit d724c9e54939a597592de3659541da11fc7aa112 upstream. + +The sprgs are a set of 4 general purpose sprs provided for software use. +SPRG3 is special in that it can also be read from userspace. Thus it is +used on linux to store the cpu and numa id of the process to speed up +syscall access to this information. + +This register is overwritten with the guest value on kvm guest entry, +and so needs to be restored on exit again. Thus restore the value on +the guest exit path in kvmhv_p9_guest_entry(). + +Cc: stable@vger.kernel.org # v4.20+ +Fixes: 95a6432ce9038 ("KVM: PPC: Book3S HV: Streamlined guest entry/exit path on P9 for radix guests") + +Signed-off-by: Suraj Jitindar Singh +Signed-off-by: Paul Mackerras +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kvm/book3s_hv.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/powerpc/kvm/book3s_hv.c ++++ b/arch/powerpc/kvm/book3s_hv.c +@@ -3624,6 +3624,7 @@ int kvmhv_p9_guest_entry(struct kvm_vcpu + vc->in_guest = 0; + + mtspr(SPRN_DEC, local_paca->kvm_hstate.dec_expires - mftb()); ++ mtspr(SPRN_SPRG_VDSO_WRITE, local_paca->sprg_vdso); + + kvmhv_load_host_pmu(); + diff --git a/queue-5.1/kvm-ppc-book3s-hv-xive-do-not-clear-irq-data-of-passthrough-interrupts.patch b/queue-5.1/kvm-ppc-book3s-hv-xive-do-not-clear-irq-data-of-passthrough-interrupts.patch new file mode 100644 index 00000000000..9acdc42adb5 --- /dev/null +++ b/queue-5.1/kvm-ppc-book3s-hv-xive-do-not-clear-irq-data-of-passthrough-interrupts.patch @@ -0,0 +1,99 @@ +From ef9740204051d0e00f5402fe96cf3a43ddd2bbbf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= +Date: Tue, 28 May 2019 14:17:15 +0200 +Subject: KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Cédric Le Goater + +commit ef9740204051d0e00f5402fe96cf3a43ddd2bbbf upstream. + +The passthrough interrupts are defined at the host level and their IRQ +data should not be cleared unless specifically deconfigured (shutdown) +by the host. They differ from the IPI interrupts which are allocated +by the XIVE KVM device and reserved to the guest usage only. + +This fixes a host crash when destroying a VM in which a PCI adapter +was passed-through. In this case, the interrupt is cleared and freed +by the KVM device and then shutdown by vfio at the host level. + +[ 1007.360265] BUG: Kernel NULL pointer dereference at 0x00000d00 +[ 1007.360285] Faulting instruction address: 0xc00000000009da34 +[ 1007.360296] Oops: Kernel access of bad area, sig: 7 [#1] +[ 1007.360303] LE PAGE_SIZE=64K MMU=Radix MMU=Hash SMP NR_CPUS=2048 NUMA PowerNV +[ 1007.360314] Modules linked in: vhost_net vhost iptable_mangle ipt_MASQUERADE iptable_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv4 ipt_REJECT nf_reject_ipv4 tun bridge stp llc kvm_hv kvm xt_tcpudp iptable_filter squashfs fuse binfmt_misc vmx_crypto ib_iser rdma_cm iw_cm ib_cm libiscsi scsi_transport_iscsi nfsd ip_tables x_tables autofs4 btrfs zstd_decompress zstd_compress lzo_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq multipath mlx5_ib ib_uverbs ib_core crc32c_vpmsum mlx5_core +[ 1007.360425] CPU: 9 PID: 15576 Comm: CPU 18/KVM Kdump: loaded Not tainted 5.1.0-gad7e7d0ef #4 +[ 1007.360454] NIP: c00000000009da34 LR: c00000000009e50c CTR: c00000000009e5d0 +[ 1007.360482] REGS: c000007f24ccf330 TRAP: 0300 Not tainted (5.1.0-gad7e7d0ef) +[ 1007.360500] MSR: 900000000280b033 CR: 24002484 XER: 00000000 +[ 1007.360532] CFAR: c00000000009da10 DAR: 0000000000000d00 DSISR: 00080000 IRQMASK: 1 +[ 1007.360532] GPR00: c00000000009e62c c000007f24ccf5c0 c000000001510600 c000007fe7f947c0 +[ 1007.360532] GPR04: 0000000000000d00 0000000000000000 0000000000000000 c000005eff02d200 +[ 1007.360532] GPR08: 0000000000400000 0000000000000000 0000000000000000 fffffffffffffffd +[ 1007.360532] GPR12: c00000000009e5d0 c000007fffff7b00 0000000000000031 000000012c345718 +[ 1007.360532] GPR16: 0000000000000000 0000000000000008 0000000000418004 0000000000040100 +[ 1007.360532] GPR20: 0000000000000000 0000000008430000 00000000003c0000 0000000000000027 +[ 1007.360532] GPR24: 00000000000000ff 0000000000000000 00000000000000ff c000007faa90d98c +[ 1007.360532] GPR28: c000007faa90da40 00000000000fe040 ffffffffffffffff c000007fe7f947c0 +[ 1007.360689] NIP [c00000000009da34] xive_esb_read+0x34/0x120 +[ 1007.360706] LR [c00000000009e50c] xive_do_source_set_mask.part.0+0x2c/0x50 +[ 1007.360732] Call Trace: +[ 1007.360738] [c000007f24ccf5c0] [c000000000a6383c] snooze_loop+0x15c/0x270 (unreliable) +[ 1007.360775] [c000007f24ccf5f0] [c00000000009e62c] xive_irq_shutdown+0x5c/0xe0 +[ 1007.360795] [c000007f24ccf630] [c00000000019e4a0] irq_shutdown+0x60/0xe0 +[ 1007.360813] [c000007f24ccf660] [c000000000198c44] __free_irq+0x3a4/0x420 +[ 1007.360831] [c000007f24ccf700] [c000000000198dc8] free_irq+0x78/0xe0 +[ 1007.360849] [c000007f24ccf730] [c00000000096c5a8] vfio_msi_set_vector_signal+0xa8/0x350 +[ 1007.360878] [c000007f24ccf7f0] [c00000000096c938] vfio_msi_set_block+0xe8/0x1e0 +[ 1007.360899] [c000007f24ccf850] [c00000000096cae0] vfio_msi_disable+0xb0/0x110 +[ 1007.360912] [c000007f24ccf8a0] [c00000000096cd04] vfio_pci_set_msi_trigger+0x1c4/0x3d0 +[ 1007.360922] [c000007f24ccf910] [c00000000096d910] vfio_pci_set_irqs_ioctl+0xa0/0x170 +[ 1007.360941] [c000007f24ccf930] [c00000000096b400] vfio_pci_disable+0x80/0x5e0 +[ 1007.360963] [c000007f24ccfa10] [c00000000096b9bc] vfio_pci_release+0x5c/0x90 +[ 1007.360991] [c000007f24ccfa40] [c000000000963a9c] vfio_device_fops_release+0x3c/0x70 +[ 1007.361012] [c000007f24ccfa70] [c0000000003b5668] __fput+0xc8/0x2b0 +[ 1007.361040] [c000007f24ccfac0] [c0000000001409b0] task_work_run+0x140/0x1b0 +[ 1007.361059] [c000007f24ccfb20] [c000000000118f8c] do_exit+0x3ac/0xd00 +[ 1007.361076] [c000007f24ccfc00] [c0000000001199b0] do_group_exit+0x60/0x100 +[ 1007.361094] [c000007f24ccfc40] [c00000000012b514] get_signal+0x1a4/0x8f0 +[ 1007.361112] [c000007f24ccfd30] [c000000000021cc8] do_notify_resume+0x1a8/0x430 +[ 1007.361141] [c000007f24ccfe20] [c00000000000e444] ret_from_except_lite+0x70/0x74 +[ 1007.361159] Instruction dump: +[ 1007.361175] 38422c00 e9230000 712a0004 41820010 548a2036 7d442378 78840020 71290020 +[ 1007.361194] 4082004c e9230010 7c892214 7c0004ac 0c090000 4c00012c 792a0022 + +Cc: stable@vger.kernel.org # v4.12+ +Fixes: 5af50993850a ("KVM: PPC: Book3S HV: Native usage of the XIVE interrupt controller") +Signed-off-by: Cédric Le Goater +Signed-off-by: Greg Kurz +Signed-off-by: Paul Mackerras +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kvm/book3s_xive.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/powerpc/kvm/book3s_xive.c ++++ b/arch/powerpc/kvm/book3s_xive.c +@@ -1786,7 +1786,6 @@ static void kvmppc_xive_cleanup_irq(u32 + { + xive_vm_esb_load(xd, XIVE_ESB_SET_PQ_01); + xive_native_configure_irq(hw_num, 0, MASKED, 0); +- xive_cleanup_irq_data(xd); + } + + static void kvmppc_xive_free_sources(struct kvmppc_xive_src_block *sb) +@@ -1800,9 +1799,10 @@ static void kvmppc_xive_free_sources(str + continue; + + kvmppc_xive_cleanup_irq(state->ipi_number, &state->ipi_data); ++ xive_cleanup_irq_data(&state->ipi_data); + xive_native_free_irq(state->ipi_number); + +- /* Pass-through, cleanup too */ ++ /* Pass-through, cleanup too but keep IRQ hw data */ + if (state->pt_number) + kvmppc_xive_cleanup_irq(state->pt_number, state->pt_data); + diff --git a/queue-5.1/powerpc-kexec-fix-loading-of-kernel-initramfs-with-kexec_file_load.patch b/queue-5.1/powerpc-kexec-fix-loading-of-kernel-initramfs-with-kexec_file_load.patch new file mode 100644 index 00000000000..7e0ffadb933 --- /dev/null +++ b/queue-5.1/powerpc-kexec-fix-loading-of-kernel-initramfs-with-kexec_file_load.patch @@ -0,0 +1,72 @@ +From 8b909e3548706cbebc0a676067b81aadda57f47e Mon Sep 17 00:00:00 2001 +From: Thiago Jung Bauermann +Date: Wed, 22 May 2019 19:01:58 -0300 +Subject: powerpc/kexec: Fix loading of kernel + initramfs with kexec_file_load() + +From: Thiago Jung Bauermann + +commit 8b909e3548706cbebc0a676067b81aadda57f47e upstream. + +Commit b6664ba42f14 ("s390, kexec_file: drop arch_kexec_mem_walk()") +changed kexec_add_buffer() to skip searching for a memory location if +kexec_buf.mem is already set, and use the address that is there. + +In powerpc code we reuse a kexec_buf variable for loading both the +kernel and the initramfs by resetting some of the fields between those +uses, but not mem. This causes kexec_add_buffer() to try to load the +kernel at the same address where initramfs will be loaded, which is +naturally rejected: + + # kexec -s -l --initrd initramfs vmlinuz + kexec_file_load failed: Invalid argument + +Setting the mem field before every call to kexec_add_buffer() fixes +this regression. + +Fixes: b6664ba42f14 ("s390, kexec_file: drop arch_kexec_mem_walk()") +Cc: stable@vger.kernel.org # v5.0+ +Signed-off-by: Thiago Jung Bauermann +Reviewed-by: Dave Young +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/kexec_elf_64.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/arch/powerpc/kernel/kexec_elf_64.c ++++ b/arch/powerpc/kernel/kexec_elf_64.c +@@ -547,6 +547,7 @@ static int elf_exec_load(struct kimage * + kbuf.memsz = phdr->p_memsz; + kbuf.buf_align = phdr->p_align; + kbuf.buf_min = phdr->p_paddr + base; ++ kbuf.mem = KEXEC_BUF_MEM_UNKNOWN; + ret = kexec_add_buffer(&kbuf); + if (ret) + goto out; +@@ -581,7 +582,8 @@ static void *elf64_load(struct kimage *i + struct kexec_buf kbuf = { .image = image, .buf_min = 0, + .buf_max = ppc64_rma_size }; + struct kexec_buf pbuf = { .image = image, .buf_min = 0, +- .buf_max = ppc64_rma_size, .top_down = true }; ++ .buf_max = ppc64_rma_size, .top_down = true, ++ .mem = KEXEC_BUF_MEM_UNKNOWN }; + + ret = build_elf_exec_info(kernel_buf, kernel_len, &ehdr, &elf_info); + if (ret) +@@ -606,6 +608,7 @@ static void *elf64_load(struct kimage *i + kbuf.bufsz = kbuf.memsz = initrd_len; + kbuf.buf_align = PAGE_SIZE; + kbuf.top_down = false; ++ kbuf.mem = KEXEC_BUF_MEM_UNKNOWN; + ret = kexec_add_buffer(&kbuf); + if (ret) + goto out; +@@ -638,6 +641,7 @@ static void *elf64_load(struct kimage *i + kbuf.bufsz = kbuf.memsz = fdt_size; + kbuf.buf_align = PAGE_SIZE; + kbuf.top_down = true; ++ kbuf.mem = KEXEC_BUF_MEM_UNKNOWN; + ret = kexec_add_buffer(&kbuf); + if (ret) + goto out; diff --git a/queue-5.1/powerpc-perf-fix-mmcra-corruption-by-bhrb_filter.patch b/queue-5.1/powerpc-perf-fix-mmcra-corruption-by-bhrb_filter.patch new file mode 100644 index 00000000000..93080e97973 --- /dev/null +++ b/queue-5.1/powerpc-perf-fix-mmcra-corruption-by-bhrb_filter.patch @@ -0,0 +1,106 @@ +From 3202e35ec1c8fc19cea24253ff83edf702a60a02 Mon Sep 17 00:00:00 2001 +From: Ravi Bangoria +Date: Sat, 11 May 2019 08:12:17 +0530 +Subject: powerpc/perf: Fix MMCRA corruption by bhrb_filter + +From: Ravi Bangoria + +commit 3202e35ec1c8fc19cea24253ff83edf702a60a02 upstream. + +Consider a scenario where user creates two events: + + 1st event: + attr.sample_type |= PERF_SAMPLE_BRANCH_STACK; + attr.branch_sample_type = PERF_SAMPLE_BRANCH_ANY; + fd = perf_event_open(attr, 0, 1, -1, 0); + + This sets cpuhw->bhrb_filter to 0 and returns valid fd. + + 2nd event: + attr.sample_type |= PERF_SAMPLE_BRANCH_STACK; + attr.branch_sample_type = PERF_SAMPLE_BRANCH_CALL; + fd = perf_event_open(attr, 0, 1, -1, 0); + + It overrides cpuhw->bhrb_filter to -1 and returns with error. + +Now if power_pmu_enable() gets called by any path other than +power_pmu_add(), ppmu->config_bhrb(-1) will set MMCRA to -1. + +Fixes: 3925f46bb590 ("powerpc/perf: Enable branch stack sampling framework") +Cc: stable@vger.kernel.org # v3.10+ +Signed-off-by: Ravi Bangoria +Reviewed-by: Madhavan Srinivasan +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/perf/core-book3s.c | 6 ++++-- + arch/powerpc/perf/power8-pmu.c | 3 +++ + arch/powerpc/perf/power9-pmu.c | 3 +++ + 3 files changed, 10 insertions(+), 2 deletions(-) + +--- a/arch/powerpc/perf/core-book3s.c ++++ b/arch/powerpc/perf/core-book3s.c +@@ -1846,6 +1846,7 @@ static int power_pmu_event_init(struct p + int n; + int err; + struct cpu_hw_events *cpuhw; ++ u64 bhrb_filter; + + if (!ppmu) + return -ENOENT; +@@ -1951,13 +1952,14 @@ static int power_pmu_event_init(struct p + err = power_check_constraints(cpuhw, events, cflags, n + 1); + + if (has_branch_stack(event)) { +- cpuhw->bhrb_filter = ppmu->bhrb_filter_map( ++ bhrb_filter = ppmu->bhrb_filter_map( + event->attr.branch_sample_type); + +- if (cpuhw->bhrb_filter == -1) { ++ if (bhrb_filter == -1) { + put_cpu_var(cpu_hw_events); + return -EOPNOTSUPP; + } ++ cpuhw->bhrb_filter = bhrb_filter; + } + + put_cpu_var(cpu_hw_events); +--- a/arch/powerpc/perf/power8-pmu.c ++++ b/arch/powerpc/perf/power8-pmu.c +@@ -29,6 +29,7 @@ enum { + #define POWER8_MMCRA_IFM1 0x0000000040000000UL + #define POWER8_MMCRA_IFM2 0x0000000080000000UL + #define POWER8_MMCRA_IFM3 0x00000000C0000000UL ++#define POWER8_MMCRA_BHRB_MASK 0x00000000C0000000UL + + /* + * Raw event encoding for PowerISA v2.07 (Power8): +@@ -243,6 +244,8 @@ static u64 power8_bhrb_filter_map(u64 br + + static void power8_config_bhrb(u64 pmu_bhrb_filter) + { ++ pmu_bhrb_filter &= POWER8_MMCRA_BHRB_MASK; ++ + /* Enable BHRB filter in PMU */ + mtspr(SPRN_MMCRA, (mfspr(SPRN_MMCRA) | pmu_bhrb_filter)); + } +--- a/arch/powerpc/perf/power9-pmu.c ++++ b/arch/powerpc/perf/power9-pmu.c +@@ -92,6 +92,7 @@ enum { + #define POWER9_MMCRA_IFM1 0x0000000040000000UL + #define POWER9_MMCRA_IFM2 0x0000000080000000UL + #define POWER9_MMCRA_IFM3 0x00000000C0000000UL ++#define POWER9_MMCRA_BHRB_MASK 0x00000000C0000000UL + + /* Nasty Power9 specific hack */ + #define PVR_POWER9_CUMULUS 0x00002000 +@@ -300,6 +301,8 @@ static u64 power9_bhrb_filter_map(u64 br + + static void power9_config_bhrb(u64 pmu_bhrb_filter) + { ++ pmu_bhrb_filter &= POWER9_MMCRA_BHRB_MASK; ++ + /* Enable BHRB filter in PMU */ + mtspr(SPRN_MMCRA, (mfspr(SPRN_MMCRA) | pmu_bhrb_filter)); + } diff --git a/queue-5.1/s390-crypto-fix-gcm-aes-s390-selftest-failures.patch b/queue-5.1/s390-crypto-fix-gcm-aes-s390-selftest-failures.patch new file mode 100644 index 00000000000..6a849766da9 --- /dev/null +++ b/queue-5.1/s390-crypto-fix-gcm-aes-s390-selftest-failures.patch @@ -0,0 +1,258 @@ +From bef9f0ba300a55d79a69aa172156072182176515 Mon Sep 17 00:00:00 2001 +From: Harald Freudenberger +Date: Thu, 23 May 2019 16:18:25 +0200 +Subject: s390/crypto: fix gcm-aes-s390 selftest failures + +From: Harald Freudenberger + +commit bef9f0ba300a55d79a69aa172156072182176515 upstream. + +The current kernel uses improved crypto selftests. These +tests showed that the current implementation of gcm-aes-s390 +is not able to deal with chunks of output buffers which are +not a multiple of 16 bytes. This patch introduces a rework +of the gcm aes s390 scatter walk handling which now is able +to handle any input and output scatter list chunk sizes +correctly. + +Code has been verified by the crypto selftests, the tcrypt +kernel module and additional tests ran via the af_alg interface. + +Cc: +Reported-by: Julian Wiedmann +Reviewed-by: Patrick Steuer +Signed-off-by: Harald Freudenberger +Signed-off-by: Heiko Carstens +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/crypto/aes_s390.c | 148 +++++++++++++++++++++++++++++++------------- + 1 file changed, 107 insertions(+), 41 deletions(-) + +--- a/arch/s390/crypto/aes_s390.c ++++ b/arch/s390/crypto/aes_s390.c +@@ -826,19 +826,45 @@ static int gcm_aes_setauthsize(struct cr + return 0; + } + +-static void gcm_sg_walk_start(struct gcm_sg_walk *gw, struct scatterlist *sg, +- unsigned int len) ++static void gcm_walk_start(struct gcm_sg_walk *gw, struct scatterlist *sg, ++ unsigned int len) + { + memset(gw, 0, sizeof(*gw)); + gw->walk_bytes_remain = len; + scatterwalk_start(&gw->walk, sg); + } + +-static int gcm_sg_walk_go(struct gcm_sg_walk *gw, unsigned int minbytesneeded) ++static inline unsigned int _gcm_sg_clamp_and_map(struct gcm_sg_walk *gw) ++{ ++ struct scatterlist *nextsg; ++ ++ gw->walk_bytes = scatterwalk_clamp(&gw->walk, gw->walk_bytes_remain); ++ while (!gw->walk_bytes) { ++ nextsg = sg_next(gw->walk.sg); ++ if (!nextsg) ++ return 0; ++ scatterwalk_start(&gw->walk, nextsg); ++ gw->walk_bytes = scatterwalk_clamp(&gw->walk, ++ gw->walk_bytes_remain); ++ } ++ gw->walk_ptr = scatterwalk_map(&gw->walk); ++ return gw->walk_bytes; ++} ++ ++static inline void _gcm_sg_unmap_and_advance(struct gcm_sg_walk *gw, ++ unsigned int nbytes) ++{ ++ gw->walk_bytes_remain -= nbytes; ++ scatterwalk_unmap(&gw->walk); ++ scatterwalk_advance(&gw->walk, nbytes); ++ scatterwalk_done(&gw->walk, 0, gw->walk_bytes_remain); ++ gw->walk_ptr = NULL; ++} ++ ++static int gcm_in_walk_go(struct gcm_sg_walk *gw, unsigned int minbytesneeded) + { + int n; + +- /* minbytesneeded <= AES_BLOCK_SIZE */ + if (gw->buf_bytes && gw->buf_bytes >= minbytesneeded) { + gw->ptr = gw->buf; + gw->nbytes = gw->buf_bytes; +@@ -851,13 +877,11 @@ static int gcm_sg_walk_go(struct gcm_sg_ + goto out; + } + +- gw->walk_bytes = scatterwalk_clamp(&gw->walk, gw->walk_bytes_remain); +- if (!gw->walk_bytes) { +- scatterwalk_start(&gw->walk, sg_next(gw->walk.sg)); +- gw->walk_bytes = scatterwalk_clamp(&gw->walk, +- gw->walk_bytes_remain); ++ if (!_gcm_sg_clamp_and_map(gw)) { ++ gw->ptr = NULL; ++ gw->nbytes = 0; ++ goto out; + } +- gw->walk_ptr = scatterwalk_map(&gw->walk); + + if (!gw->buf_bytes && gw->walk_bytes >= minbytesneeded) { + gw->ptr = gw->walk_ptr; +@@ -869,51 +893,90 @@ static int gcm_sg_walk_go(struct gcm_sg_ + n = min(gw->walk_bytes, AES_BLOCK_SIZE - gw->buf_bytes); + memcpy(gw->buf + gw->buf_bytes, gw->walk_ptr, n); + gw->buf_bytes += n; +- gw->walk_bytes_remain -= n; +- scatterwalk_unmap(&gw->walk); +- scatterwalk_advance(&gw->walk, n); +- scatterwalk_done(&gw->walk, 0, gw->walk_bytes_remain); +- ++ _gcm_sg_unmap_and_advance(gw, n); + if (gw->buf_bytes >= minbytesneeded) { + gw->ptr = gw->buf; + gw->nbytes = gw->buf_bytes; + goto out; + } +- +- gw->walk_bytes = scatterwalk_clamp(&gw->walk, +- gw->walk_bytes_remain); +- if (!gw->walk_bytes) { +- scatterwalk_start(&gw->walk, sg_next(gw->walk.sg)); +- gw->walk_bytes = scatterwalk_clamp(&gw->walk, +- gw->walk_bytes_remain); ++ if (!_gcm_sg_clamp_and_map(gw)) { ++ gw->ptr = NULL; ++ gw->nbytes = 0; ++ goto out; + } +- gw->walk_ptr = scatterwalk_map(&gw->walk); + } + + out: + return gw->nbytes; + } + +-static void gcm_sg_walk_done(struct gcm_sg_walk *gw, unsigned int bytesdone) ++static int gcm_out_walk_go(struct gcm_sg_walk *gw, unsigned int minbytesneeded) + { +- int n; ++ if (gw->walk_bytes_remain == 0) { ++ gw->ptr = NULL; ++ gw->nbytes = 0; ++ goto out; ++ } ++ ++ if (!_gcm_sg_clamp_and_map(gw)) { ++ gw->ptr = NULL; ++ gw->nbytes = 0; ++ goto out; ++ } + ++ if (gw->walk_bytes >= minbytesneeded) { ++ gw->ptr = gw->walk_ptr; ++ gw->nbytes = gw->walk_bytes; ++ goto out; ++ } ++ ++ scatterwalk_unmap(&gw->walk); ++ gw->walk_ptr = NULL; ++ ++ gw->ptr = gw->buf; ++ gw->nbytes = sizeof(gw->buf); ++ ++out: ++ return gw->nbytes; ++} ++ ++static int gcm_in_walk_done(struct gcm_sg_walk *gw, unsigned int bytesdone) ++{ + if (gw->ptr == NULL) +- return; ++ return 0; + + if (gw->ptr == gw->buf) { +- n = gw->buf_bytes - bytesdone; ++ int n = gw->buf_bytes - bytesdone; + if (n > 0) { + memmove(gw->buf, gw->buf + bytesdone, n); +- gw->buf_bytes -= n; ++ gw->buf_bytes = n; + } else + gw->buf_bytes = 0; +- } else { +- gw->walk_bytes_remain -= bytesdone; +- scatterwalk_unmap(&gw->walk); +- scatterwalk_advance(&gw->walk, bytesdone); +- scatterwalk_done(&gw->walk, 0, gw->walk_bytes_remain); +- } ++ } else ++ _gcm_sg_unmap_and_advance(gw, bytesdone); ++ ++ return bytesdone; ++} ++ ++static int gcm_out_walk_done(struct gcm_sg_walk *gw, unsigned int bytesdone) ++{ ++ int i, n; ++ ++ if (gw->ptr == NULL) ++ return 0; ++ ++ if (gw->ptr == gw->buf) { ++ for (i = 0; i < bytesdone; i += n) { ++ if (!_gcm_sg_clamp_and_map(gw)) ++ return i; ++ n = min(gw->walk_bytes, bytesdone - i); ++ memcpy(gw->walk_ptr, gw->buf + i, n); ++ _gcm_sg_unmap_and_advance(gw, n); ++ } ++ } else ++ _gcm_sg_unmap_and_advance(gw, bytesdone); ++ ++ return bytesdone; + } + + static int gcm_aes_crypt(struct aead_request *req, unsigned int flags) +@@ -926,7 +989,7 @@ static int gcm_aes_crypt(struct aead_req + unsigned int pclen = req->cryptlen; + int ret = 0; + +- unsigned int len, in_bytes, out_bytes, ++ unsigned int n, len, in_bytes, out_bytes, + min_bytes, bytes, aad_bytes, pc_bytes; + struct gcm_sg_walk gw_in, gw_out; + u8 tag[GHASH_DIGEST_SIZE]; +@@ -963,14 +1026,14 @@ static int gcm_aes_crypt(struct aead_req + *(u32 *)(param.j0 + ivsize) = 1; + memcpy(param.k, ctx->key, ctx->key_len); + +- gcm_sg_walk_start(&gw_in, req->src, len); +- gcm_sg_walk_start(&gw_out, req->dst, len); ++ gcm_walk_start(&gw_in, req->src, len); ++ gcm_walk_start(&gw_out, req->dst, len); + + do { + min_bytes = min_t(unsigned int, + aadlen > 0 ? aadlen : pclen, AES_BLOCK_SIZE); +- in_bytes = gcm_sg_walk_go(&gw_in, min_bytes); +- out_bytes = gcm_sg_walk_go(&gw_out, min_bytes); ++ in_bytes = gcm_in_walk_go(&gw_in, min_bytes); ++ out_bytes = gcm_out_walk_go(&gw_out, min_bytes); + bytes = min(in_bytes, out_bytes); + + if (aadlen + pclen <= bytes) { +@@ -997,8 +1060,11 @@ static int gcm_aes_crypt(struct aead_req + gw_in.ptr + aad_bytes, pc_bytes, + gw_in.ptr, aad_bytes); + +- gcm_sg_walk_done(&gw_in, aad_bytes + pc_bytes); +- gcm_sg_walk_done(&gw_out, aad_bytes + pc_bytes); ++ n = aad_bytes + pc_bytes; ++ if (gcm_in_walk_done(&gw_in, n) != n) ++ return -ENOMEM; ++ if (gcm_out_walk_done(&gw_out, n) != n) ++ return -ENOMEM; + aadlen -= aad_bytes; + pclen -= pc_bytes; + } while (aadlen + pclen > 0); diff --git a/queue-5.1/s390-crypto-fix-possible-sleep-during-spinlock-aquired.patch b/queue-5.1/s390-crypto-fix-possible-sleep-during-spinlock-aquired.patch new file mode 100644 index 00000000000..07ea40f2d00 --- /dev/null +++ b/queue-5.1/s390-crypto-fix-possible-sleep-during-spinlock-aquired.patch @@ -0,0 +1,104 @@ +From 1c2c7029c008922d4d48902cc386250502e73d51 Mon Sep 17 00:00:00 2001 +From: Harald Freudenberger +Date: Mon, 27 May 2019 15:24:20 +0200 +Subject: s390/crypto: fix possible sleep during spinlock aquired + +From: Harald Freudenberger + +commit 1c2c7029c008922d4d48902cc386250502e73d51 upstream. + +This patch fixes a complain about possible sleep during +spinlock aquired +"BUG: sleeping function called from invalid context at +include/crypto/algapi.h:426" +for the ctr(aes) and ctr(des) s390 specific ciphers. + +Instead of using a spinlock this patch introduces a mutex +which is save to be held in sleeping context. Please note +a deadlock is not possible as mutex_trylock() is used. + +Signed-off-by: Harald Freudenberger +Reported-by: Julian Wiedmann +Cc: stable@vger.kernel.org +Signed-off-by: Heiko Carstens +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/crypto/aes_s390.c | 8 ++++---- + arch/s390/crypto/des_s390.c | 7 ++++--- + 2 files changed, 8 insertions(+), 7 deletions(-) + +--- a/arch/s390/crypto/aes_s390.c ++++ b/arch/s390/crypto/aes_s390.c +@@ -27,14 +27,14 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include + #include + + static u8 *ctrblk; +-static DEFINE_SPINLOCK(ctrblk_lock); ++static DEFINE_MUTEX(ctrblk_lock); + + static cpacf_mask_t km_functions, kmc_functions, kmctr_functions, + kma_functions; +@@ -698,7 +698,7 @@ static int ctr_aes_crypt(struct blkciphe + unsigned int n, nbytes; + int ret, locked; + +- locked = spin_trylock(&ctrblk_lock); ++ locked = mutex_trylock(&ctrblk_lock); + + ret = blkcipher_walk_virt_block(desc, walk, AES_BLOCK_SIZE); + while ((nbytes = walk->nbytes) >= AES_BLOCK_SIZE) { +@@ -716,7 +716,7 @@ static int ctr_aes_crypt(struct blkciphe + ret = blkcipher_walk_done(desc, walk, nbytes - n); + } + if (locked) +- spin_unlock(&ctrblk_lock); ++ mutex_unlock(&ctrblk_lock); + /* + * final block may be < AES_BLOCK_SIZE, copy only nbytes + */ +--- a/arch/s390/crypto/des_s390.c ++++ b/arch/s390/crypto/des_s390.c +@@ -14,6 +14,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -21,7 +22,7 @@ + #define DES3_KEY_SIZE (3 * DES_KEY_SIZE) + + static u8 *ctrblk; +-static DEFINE_SPINLOCK(ctrblk_lock); ++static DEFINE_MUTEX(ctrblk_lock); + + static cpacf_mask_t km_functions, kmc_functions, kmctr_functions; + +@@ -387,7 +388,7 @@ static int ctr_desall_crypt(struct blkci + unsigned int n, nbytes; + int ret, locked; + +- locked = spin_trylock(&ctrblk_lock); ++ locked = mutex_trylock(&ctrblk_lock); + + ret = blkcipher_walk_virt_block(desc, walk, DES_BLOCK_SIZE); + while ((nbytes = walk->nbytes) >= DES_BLOCK_SIZE) { +@@ -404,7 +405,7 @@ static int ctr_desall_crypt(struct blkci + ret = blkcipher_walk_done(desc, walk, nbytes - n); + } + if (locked) +- spin_unlock(&ctrblk_lock); ++ mutex_unlock(&ctrblk_lock); + /* final block may be < DES_BLOCK_SIZE, copy only nbytes */ + if (nbytes) { + cpacf_kmctr(fc, ctx->key, buf, walk->src.virt.addr, diff --git a/queue-5.1/series b/queue-5.1/series index 27ef1e17331..f21694d9c3d 100644 --- a/queue-5.1/series +++ b/queue-5.1/series @@ -25,3 +25,17 @@ btrfs-correct-zstd-workspace-manager-lock-to-use-spin_lock_bh.patch btrfs-qgroup-check-bg-while-resuming-relocation-to-avoid-null-pointer-dereference.patch btrfs-incremental-send-fix-file-corruption-when-no-holes-feature-is-enabled.patch btrfs-reloc-also-queue-orphan-reloc-tree-for-cleanup-to-avoid-bug_on.patch +iio-dac-ds4422-ds4424-fix-chip-verification.patch +iio-adc-ads124-avoid-buffer-overflow.patch +iio-adc-modify-npcm-adc-read-reference-voltage.patch +iio-adc-ti-ads8688-fix-timestamp-is-not-updated-in-buffer.patch +s390-crypto-fix-gcm-aes-s390-selftest-failures.patch +s390-crypto-fix-possible-sleep-during-spinlock-aquired.patch +kvm-ppc-book3s-hv-xive-do-not-clear-irq-data-of-passthrough-interrupts.patch +kvm-ppc-book3s-hv-fix-lockdep-warning-when-entering-guest-on-power9.patch +kvm-ppc-book3s-hv-restore-sprg3-in-kvmhv_p9_guest_entry.patch +powerpc-perf-fix-mmcra-corruption-by-bhrb_filter.patch +powerpc-kexec-fix-loading-of-kernel-initramfs-with-kexec_file_load.patch +alsa-line6-assure-canceling-delayed-work-at-disconnection.patch +alsa-hda-realtek-set-default-power-save-node-to-0.patch +alsa-hda-realtek-improve-the-headset-mic-for-acer-aspire-laptops.patch