From: Greg Kroah-Hartman Date: Sun, 20 Feb 2022 11:38:27 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v4.9.303~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7b69ddae5f471a7a9f67a9fde3ac07e4c06b9f30;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: alsa-hda-fix-missing-codec-probe-on-shenker-dock-15.patch alsa-hda-fix-regression-on-forced-probe-mask-option.patch alsa-hda-realtek-add-quirk-for-legion-y9000x-2019.patch alsa-hda-realtek-fix-deadlock-by-coef-mutex.patch asoc-ops-fix-stereo-change-notifications-in-snd_soc_put_volsw.patch asoc-ops-fix-stereo-change-notifications-in-snd_soc_put_volsw_range.patch kvm-svm-never-reject-emulation-due-to-smap-errata-for-sev-guests.patch mtd-rawnand-gpmi-don-t-leak-pm-reference-in-error-path.patch optee-use-driver-internal-tee_context-for-some-rpc.patch powerpc-lib-sstep-fix-ptesync-build-error.patch tee-export-teedev_open-and-teedev_close_context.patch --- diff --git a/queue-5.10/alsa-hda-fix-missing-codec-probe-on-shenker-dock-15.patch b/queue-5.10/alsa-hda-fix-missing-codec-probe-on-shenker-dock-15.patch new file mode 100644 index 00000000000..69e94cb1c23 --- /dev/null +++ b/queue-5.10/alsa-hda-fix-missing-codec-probe-on-shenker-dock-15.patch @@ -0,0 +1,33 @@ +From dd8e5b161d7fb9cefa1f1d6e35a39b9e1563c8d3 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Mon, 14 Feb 2022 11:00:20 +0100 +Subject: ALSA: hda: Fix missing codec probe on Shenker Dock 15 + +From: Takashi Iwai + +commit dd8e5b161d7fb9cefa1f1d6e35a39b9e1563c8d3 upstream. + +By some unknown reason, BIOS on Shenker Dock 15 doesn't set up the +codec mask properly for the onboard audio. Let's set the forced codec +mask to enable the codec discovery. + +Reported-by: dmummenschanz@web.de +Cc: +Link: https://lore.kernel.org/r/trinity-f018660b-95c9-442b-a2a8-c92a56eb07ed-1644345967148@3c-app-webde-bap22 +Link: https://lore.kernel.org/r/20220214100020.8870-2-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/hda_intel.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -1652,6 +1652,7 @@ static const struct snd_pci_quirk probe_ + /* forced codec slots */ + SND_PCI_QUIRK(0x1043, 0x1262, "ASUS W5Fm", 0x103), + SND_PCI_QUIRK(0x1046, 0x1262, "ASUS W5F", 0x103), ++ SND_PCI_QUIRK(0x1558, 0x0351, "Schenker Dock 15", 0x105), + /* WinFast VP200 H (Teradici) user reported broken communication */ + SND_PCI_QUIRK(0x3a21, 0x040d, "WinFast VP200 H", 0x101), + {} diff --git a/queue-5.10/alsa-hda-fix-regression-on-forced-probe-mask-option.patch b/queue-5.10/alsa-hda-fix-regression-on-forced-probe-mask-option.patch new file mode 100644 index 00000000000..7505a190834 --- /dev/null +++ b/queue-5.10/alsa-hda-fix-regression-on-forced-probe-mask-option.patch @@ -0,0 +1,45 @@ +From 6317f7449348a897483a2b4841f7a9190745c81b Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Mon, 14 Feb 2022 11:00:19 +0100 +Subject: ALSA: hda: Fix regression on forced probe mask option + +From: Takashi Iwai + +commit 6317f7449348a897483a2b4841f7a9190745c81b upstream. + +The forced probe mask via probe_mask 0x100 bit doesn't work any longer +as expected since the bus init code was moved and it's clearing the +codec_mask value that was set beforehand. This patch fixes the +long-time regression by moving the check_probe_mask() call. + +Fixes: a41d122449be ("ALSA: hda - Embed bus into controller object") +Reported-by: dmummenschanz@web.de +Cc: +Link: https://lore.kernel.org/r/trinity-f018660b-95c9-442b-a2a8-c92a56eb07ed-1644345967148@3c-app-webde-bap22 +Link: https://lore.kernel.org/r/20220214100020.8870-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/hda_intel.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -1837,8 +1837,6 @@ static int azx_create(struct snd_card *c + + assign_position_fix(chip, check_position_fix(chip, position_fix[dev])); + +- check_probe_mask(chip, dev); +- + if (single_cmd < 0) /* allow fallback to single_cmd at errors */ + chip->fallback_to_single_cmd = 1; + else /* explicitly set to single_cmd or not */ +@@ -1866,6 +1864,8 @@ static int azx_create(struct snd_card *c + chip->bus.core.needs_damn_long_delay = 1; + } + ++ check_probe_mask(chip, dev); ++ + err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops); + if (err < 0) { + dev_err(card->dev, "Error creating device [card]!\n"); diff --git a/queue-5.10/alsa-hda-realtek-add-quirk-for-legion-y9000x-2019.patch b/queue-5.10/alsa-hda-realtek-add-quirk-for-legion-y9000x-2019.patch new file mode 100644 index 00000000000..fff2bc85540 --- /dev/null +++ b/queue-5.10/alsa-hda-realtek-add-quirk-for-legion-y9000x-2019.patch @@ -0,0 +1,32 @@ +From c07f2c7b45413a9e50ba78630fda04ecfa17b4f2 Mon Sep 17 00:00:00 2001 +From: Yu Huang +Date: Sun, 13 Feb 2022 00:08:33 +0800 +Subject: ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 + +From: Yu Huang + +commit c07f2c7b45413a9e50ba78630fda04ecfa17b4f2 upstream. + +Legion Y9000X 2019 has the same speaker with Y9000X 2020, +but with a different quirk address. Add one quirk entry +to make the speaker work on Y9000X 2019 too. + +Signed-off-by: Yu Huang +Cc: +Link: https://lore.kernel.org/r/20220212160835.165065-1-diwang90@gmail.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -8948,6 +8948,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x17aa, 0x3824, "Legion Y9000X 2020", ALC285_FIXUP_LEGION_Y9000X_SPEAKERS), + SND_PCI_QUIRK(0x17aa, 0x3827, "Ideapad S740", ALC285_FIXUP_IDEAPAD_S740_COEF), + SND_PCI_QUIRK(0x17aa, 0x3834, "Lenovo IdeaPad Slim 9i 14ITL5", ALC287_FIXUP_YOGA7_14ITL_SPEAKERS), ++ SND_PCI_QUIRK(0x17aa, 0x383d, "Legion Y9000X 2019", ALC285_FIXUP_LEGION_Y9000X_SPEAKERS), + SND_PCI_QUIRK(0x17aa, 0x3843, "Yoga 9i", ALC287_FIXUP_IDEAPAD_BASS_SPK_AMP), + SND_PCI_QUIRK(0x17aa, 0x384a, "Lenovo Yoga 7 15ITL5", ALC287_FIXUP_YOGA7_14ITL_SPEAKERS), + SND_PCI_QUIRK(0x17aa, 0x3852, "Lenovo Yoga 7 14ITL5", ALC287_FIXUP_YOGA7_14ITL_SPEAKERS), diff --git a/queue-5.10/alsa-hda-realtek-fix-deadlock-by-coef-mutex.patch b/queue-5.10/alsa-hda-realtek-fix-deadlock-by-coef-mutex.patch new file mode 100644 index 00000000000..4f03312c895 --- /dev/null +++ b/queue-5.10/alsa-hda-realtek-fix-deadlock-by-coef-mutex.patch @@ -0,0 +1,118 @@ +From 2a845837e3d0ddaed493b4c5c4643d7f0542804d Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Mon, 14 Feb 2022 14:04:10 +0100 +Subject: ALSA: hda/realtek: Fix deadlock by COEF mutex + +From: Takashi Iwai + +commit 2a845837e3d0ddaed493b4c5c4643d7f0542804d upstream. + +The recently introduced coef_mutex for Realtek codec seems causing a +deadlock when the relevant code is invoked from the power-off state; +then the HD-audio core tries to power-up internally, and this kicks +off the codec runtime PM code that tries to take the same coef_mutex. + +In order to avoid the deadlock, do the temporary power up/down around +the coef_mutex acquisition and release. This assures that the +power-up sequence runs before the mutex, hence no re-entrance will +happen. + +Fixes: b837a9f5ab3b ("ALSA: hda: realtek: Fix race at concurrent COEF updates") +Reported-and-tested-by: Julian Wollrath +Cc: +Link: https://lore.kernel.org/r/20220214132838.4db10fca@schienar +Link: https://lore.kernel.org/r/20220214130410.21230-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 39 ++++++++++++++++++++++++--------------- + 1 file changed, 24 insertions(+), 15 deletions(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -134,6 +134,22 @@ struct alc_spec { + * COEF access helper functions + */ + ++static void coef_mutex_lock(struct hda_codec *codec) ++{ ++ struct alc_spec *spec = codec->spec; ++ ++ snd_hda_power_up_pm(codec); ++ mutex_lock(&spec->coef_mutex); ++} ++ ++static void coef_mutex_unlock(struct hda_codec *codec) ++{ ++ struct alc_spec *spec = codec->spec; ++ ++ mutex_unlock(&spec->coef_mutex); ++ snd_hda_power_down_pm(codec); ++} ++ + static int __alc_read_coefex_idx(struct hda_codec *codec, hda_nid_t nid, + unsigned int coef_idx) + { +@@ -147,12 +163,11 @@ static int __alc_read_coefex_idx(struct + static int alc_read_coefex_idx(struct hda_codec *codec, hda_nid_t nid, + unsigned int coef_idx) + { +- struct alc_spec *spec = codec->spec; + unsigned int val; + +- mutex_lock(&spec->coef_mutex); ++ coef_mutex_lock(codec); + val = __alc_read_coefex_idx(codec, nid, coef_idx); +- mutex_unlock(&spec->coef_mutex); ++ coef_mutex_unlock(codec); + return val; + } + +@@ -169,11 +184,9 @@ static void __alc_write_coefex_idx(struc + static void alc_write_coefex_idx(struct hda_codec *codec, hda_nid_t nid, + unsigned int coef_idx, unsigned int coef_val) + { +- struct alc_spec *spec = codec->spec; +- +- mutex_lock(&spec->coef_mutex); ++ coef_mutex_lock(codec); + __alc_write_coefex_idx(codec, nid, coef_idx, coef_val); +- mutex_unlock(&spec->coef_mutex); ++ coef_mutex_unlock(codec); + } + + #define alc_write_coef_idx(codec, coef_idx, coef_val) \ +@@ -194,11 +207,9 @@ static void alc_update_coefex_idx(struct + unsigned int coef_idx, unsigned int mask, + unsigned int bits_set) + { +- struct alc_spec *spec = codec->spec; +- +- mutex_lock(&spec->coef_mutex); ++ coef_mutex_lock(codec); + __alc_update_coefex_idx(codec, nid, coef_idx, mask, bits_set); +- mutex_unlock(&spec->coef_mutex); ++ coef_mutex_unlock(codec); + } + + #define alc_update_coef_idx(codec, coef_idx, mask, bits_set) \ +@@ -231,9 +242,7 @@ struct coef_fw { + static void alc_process_coef_fw(struct hda_codec *codec, + const struct coef_fw *fw) + { +- struct alc_spec *spec = codec->spec; +- +- mutex_lock(&spec->coef_mutex); ++ coef_mutex_lock(codec); + for (; fw->nid; fw++) { + if (fw->mask == (unsigned short)-1) + __alc_write_coefex_idx(codec, fw->nid, fw->idx, fw->val); +@@ -241,7 +250,7 @@ static void alc_process_coef_fw(struct h + __alc_update_coefex_idx(codec, fw->nid, fw->idx, + fw->mask, fw->val); + } +- mutex_unlock(&spec->coef_mutex); ++ coef_mutex_unlock(codec); + } + + /* diff --git a/queue-5.10/asoc-ops-fix-stereo-change-notifications-in-snd_soc_put_volsw.patch b/queue-5.10/asoc-ops-fix-stereo-change-notifications-in-snd_soc_put_volsw.patch new file mode 100644 index 00000000000..25ba113de55 --- /dev/null +++ b/queue-5.10/asoc-ops-fix-stereo-change-notifications-in-snd_soc_put_volsw.patch @@ -0,0 +1,56 @@ +From 564778d7b1ea465f9487eedeece7527a033549c5 Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Tue, 1 Feb 2022 15:56:26 +0000 +Subject: ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() + +From: Mark Brown + +commit 564778d7b1ea465f9487eedeece7527a033549c5 upstream. + +When writing out a stereo control we discard the change notification from +the first channel, meaning that events are only generated based on changes +to the second channel. Ensure that we report a change if either channel +has changed. + +Signed-off-by: Mark Brown +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20220201155629.120510-2-broonie@kernel.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/soc-ops.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/sound/soc/soc-ops.c ++++ b/sound/soc/soc-ops.c +@@ -308,7 +308,7 @@ int snd_soc_put_volsw(struct snd_kcontro + unsigned int sign_bit = mc->sign_bit; + unsigned int mask = (1 << fls(max)) - 1; + unsigned int invert = mc->invert; +- int err; ++ int err, ret; + bool type_2r = false; + unsigned int val2 = 0; + unsigned int val, val_mask; +@@ -350,12 +350,18 @@ int snd_soc_put_volsw(struct snd_kcontro + err = snd_soc_component_update_bits(component, reg, val_mask, val); + if (err < 0) + return err; ++ ret = err; + +- if (type_2r) ++ if (type_2r) { + err = snd_soc_component_update_bits(component, reg2, val_mask, +- val2); ++ val2); ++ /* Don't discard any error code or drop change flag */ ++ if (ret == 0 || err < 0) { ++ ret = err; ++ } ++ } + +- return err; ++ return ret; + } + EXPORT_SYMBOL_GPL(snd_soc_put_volsw); + diff --git a/queue-5.10/asoc-ops-fix-stereo-change-notifications-in-snd_soc_put_volsw_range.patch b/queue-5.10/asoc-ops-fix-stereo-change-notifications-in-snd_soc_put_volsw_range.patch new file mode 100644 index 00000000000..e355c8a5ced --- /dev/null +++ b/queue-5.10/asoc-ops-fix-stereo-change-notifications-in-snd_soc_put_volsw_range.patch @@ -0,0 +1,62 @@ +From 650204ded3703b5817bd4b6a77fa47d333c4f902 Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Tue, 1 Feb 2022 15:56:28 +0000 +Subject: ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() + +From: Mark Brown + +commit 650204ded3703b5817bd4b6a77fa47d333c4f902 upstream. + +When writing out a stereo control we discard the change notification from +the first channel, meaning that events are only generated based on changes +to the second channel. Ensure that we report a change if either channel +has changed. + +Signed-off-by: Mark Brown +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20220201155629.120510-4-broonie@kernel.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/soc-ops.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +--- a/sound/soc/soc-ops.c ++++ b/sound/soc/soc-ops.c +@@ -510,7 +510,7 @@ int snd_soc_put_volsw_range(struct snd_k + unsigned int mask = (1 << fls(max)) - 1; + unsigned int invert = mc->invert; + unsigned int val, val_mask; +- int ret; ++ int err, ret; + + if (invert) + val = (max - ucontrol->value.integer.value[0]) & mask; +@@ -519,9 +519,10 @@ int snd_soc_put_volsw_range(struct snd_k + val_mask = mask << shift; + val = val << shift; + +- ret = snd_soc_component_update_bits(component, reg, val_mask, val); +- if (ret < 0) +- return ret; ++ err = snd_soc_component_update_bits(component, reg, val_mask, val); ++ if (err < 0) ++ return err; ++ ret = err; + + if (snd_soc_volsw_is_stereo(mc)) { + if (invert) +@@ -531,8 +532,12 @@ int snd_soc_put_volsw_range(struct snd_k + val_mask = mask << shift; + val = val << shift; + +- ret = snd_soc_component_update_bits(component, rreg, val_mask, ++ err = snd_soc_component_update_bits(component, rreg, val_mask, + val); ++ /* Don't discard any error code or drop change flag */ ++ if (ret == 0 || err < 0) { ++ ret = err; ++ } + } + + return ret; diff --git a/queue-5.10/kvm-svm-never-reject-emulation-due-to-smap-errata-for-sev-guests.patch b/queue-5.10/kvm-svm-never-reject-emulation-due-to-smap-errata-for-sev-guests.patch new file mode 100644 index 00000000000..e58a022e228 --- /dev/null +++ b/queue-5.10/kvm-svm-never-reject-emulation-due-to-smap-errata-for-sev-guests.patch @@ -0,0 +1,53 @@ +From 55467fcd55b89c622e62b4afe60ac0eb2fae91f2 Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Thu, 20 Jan 2022 01:07:11 +0000 +Subject: KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests + +From: Sean Christopherson + +commit 55467fcd55b89c622e62b4afe60ac0eb2fae91f2 upstream. + +Always signal that emulation is possible for !SEV guests regardless of +whether or not the CPU provided a valid instruction byte stream. KVM can +read all guest state (memory and registers) for !SEV guests, i.e. can +fetch the code stream from memory even if the CPU failed to do so because +of the SMAP errata. + +Fixes: 05d5a4863525 ("KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)") +Cc: stable@vger.kernel.org +Cc: Tom Lendacky +Cc: Brijesh Singh +Signed-off-by: Sean Christopherson +Reviewed-by: Liam Merwick +Message-Id: <20220120010719.711476-2-seanjc@google.com> +Signed-off-by: Paolo Bonzini +[jwang: adjust context for kernel 5.10.101] +Signed-off-by: Jack Wang +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/svm/svm.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/arch/x86/kvm/svm/svm.c ++++ b/arch/x86/kvm/svm/svm.c +@@ -4103,6 +4103,10 @@ static bool svm_can_emulate_instruction( + bool smep, smap, is_user; + unsigned long cr4; + ++ /* Emulation is always possible when KVM has access to all guest state. */ ++ if (!sev_guest(vcpu->kvm)) ++ return true; ++ + /* + * Detect and workaround Errata 1096 Fam_17h_00_0Fh. + * +@@ -4151,9 +4155,6 @@ static bool svm_can_emulate_instruction( + smap = cr4 & X86_CR4_SMAP; + is_user = svm_get_cpl(vcpu) == 3; + if (smap && (!smep || is_user)) { +- if (!sev_guest(vcpu->kvm)) +- return true; +- + pr_err_ratelimited("KVM: SEV Guest triggered AMD Erratum 1096\n"); + + /* diff --git a/queue-5.10/mtd-rawnand-gpmi-don-t-leak-pm-reference-in-error-path.patch b/queue-5.10/mtd-rawnand-gpmi-don-t-leak-pm-reference-in-error-path.patch new file mode 100644 index 00000000000..f5308cc6da8 --- /dev/null +++ b/queue-5.10/mtd-rawnand-gpmi-don-t-leak-pm-reference-in-error-path.patch @@ -0,0 +1,42 @@ +From 9161f365c91614e5a3f5c6dcc44c3b1b33bc59c0 Mon Sep 17 00:00:00 2001 +From: Christian Eggers +Date: Tue, 25 Jan 2022 09:16:19 +0100 +Subject: mtd: rawnand: gpmi: don't leak PM reference in error path + +From: Christian Eggers + +commit 9161f365c91614e5a3f5c6dcc44c3b1b33bc59c0 upstream. + +If gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be +dropped. + +Reported-by: Pavel Machek +Fixes: f53d4c109a66 ("mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings") +Signed-off-by: Christian Eggers +Cc: stable@vger.kernel.org +Signed-off-by: Miquel Raynal +Link: https://lore.kernel.org/linux-mtd/20220125081619.6286-1-ceggers@arri.de +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c ++++ b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c +@@ -2291,7 +2291,7 @@ static int gpmi_nfc_exec_op(struct nand_ + this->hw.must_apply_timings = false; + ret = gpmi_nfc_apply_timings(this); + if (ret) +- return ret; ++ goto out_pm; + } + + dev_dbg(this->dev, "%s: %d instructions\n", __func__, op->ninstrs); +@@ -2420,6 +2420,7 @@ unmap: + + this->bch = false; + ++out_pm: + pm_runtime_mark_last_busy(this->dev); + pm_runtime_put_autosuspend(this->dev); + diff --git a/queue-5.10/optee-use-driver-internal-tee_context-for-some-rpc.patch b/queue-5.10/optee-use-driver-internal-tee_context-for-some-rpc.patch new file mode 100644 index 00000000000..05aa271555f --- /dev/null +++ b/queue-5.10/optee-use-driver-internal-tee_context-for-some-rpc.patch @@ -0,0 +1,130 @@ +From aceeafefff736057e8f93f19bbfbef26abd94604 Mon Sep 17 00:00:00 2001 +From: Jens Wiklander +Date: Thu, 27 Jan 2022 15:29:39 +0100 +Subject: optee: use driver internal tee_context for some rpc + +From: Jens Wiklander + +commit aceeafefff736057e8f93f19bbfbef26abd94604 upstream. + +Adds a driver private tee_context by moving the tee_context in struct +optee_notif to struct optee. This tee_context was previously used when +doing internal calls to secure world to deliver notification. + +The new driver internal tee_context is now also when allocating driver +private shared memory. This decouples the shared memory object from its +original tee_context. This is needed when the life time of such a memory +allocation outlives the client tee_context. + +This patch fixes the problem described below: + +The addition of a shutdown hook by commit f25889f93184 ("optee: fix tee out +of memory failure seen during kexec reboot") introduced a kernel shutdown +regression that can be triggered after running the OP-TEE xtest suites. + +Once the shutdown hook is called it is not possible to communicate any more +with the supplicant process because the system is not scheduling task any +longer. Thus if the optee driver shutdown path receives a supplicant RPC +request from the OP-TEE we will deadlock the kernel's shutdown. + +Fixes: f25889f93184 ("optee: fix tee out of memory failure seen during kexec reboot") +Fixes: 217e0250cccb ("tee: use reference counting for tee_context") +Reported-by: Lars Persson +Cc: stable@vger.kernel.org +Reviewed-by: Sumit Garg +[JW: backport to 5.10-stable] +Signed-off-by: Jens Wiklander +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tee/optee/core.c | 8 ++++++++ + drivers/tee/optee/optee_private.h | 2 ++ + drivers/tee/optee/rpc.c | 8 +++++--- + 3 files changed, 15 insertions(+), 3 deletions(-) + +--- a/drivers/tee/optee/core.c ++++ b/drivers/tee/optee/core.c +@@ -588,6 +588,7 @@ static int optee_remove(struct platform_ + /* Unregister OP-TEE specific client devices on TEE bus */ + optee_unregister_devices(); + ++ teedev_close_context(optee->ctx); + /* + * Ask OP-TEE to free all cached shared memory objects to decrease + * reference counters and also avoid wild pointers in secure world +@@ -633,6 +634,7 @@ static int optee_probe(struct platform_d + struct optee *optee = NULL; + void *memremaped_shm = NULL; + struct tee_device *teedev; ++ struct tee_context *ctx; + u32 sec_caps; + int rc; + +@@ -719,6 +721,12 @@ static int optee_probe(struct platform_d + optee_supp_init(&optee->supp); + optee->memremaped_shm = memremaped_shm; + optee->pool = pool; ++ ctx = teedev_open(optee->teedev); ++ if (IS_ERR(ctx)) { ++ rc = rc = PTR_ERR(ctx); ++ goto err; ++ } ++ optee->ctx = ctx; + + /* + * Ensure that there are no pre-existing shm objects before enabling +--- a/drivers/tee/optee/optee_private.h ++++ b/drivers/tee/optee/optee_private.h +@@ -70,6 +70,7 @@ struct optee_supp { + * struct optee - main service struct + * @supp_teedev: supplicant device + * @teedev: client device ++ * @ctx: driver internal TEE context + * @invoke_fn: function to issue smc or hvc + * @call_queue: queue of threads waiting to call @invoke_fn + * @wait_queue: queue of threads from secure world waiting for a +@@ -87,6 +88,7 @@ struct optee { + struct tee_device *supp_teedev; + struct tee_device *teedev; + optee_invoke_fn *invoke_fn; ++ struct tee_context *ctx; + struct optee_call_queue call_queue; + struct optee_wait_queue wait_queue; + struct optee_supp supp; +--- a/drivers/tee/optee/rpc.c ++++ b/drivers/tee/optee/rpc.c +@@ -284,6 +284,7 @@ static struct tee_shm *cmd_alloc_suppl(s + } + + static void handle_rpc_func_cmd_shm_alloc(struct tee_context *ctx, ++ struct optee *optee, + struct optee_msg_arg *arg, + struct optee_call_ctx *call_ctx) + { +@@ -313,7 +314,8 @@ static void handle_rpc_func_cmd_shm_allo + shm = cmd_alloc_suppl(ctx, sz); + break; + case OPTEE_MSG_RPC_SHM_TYPE_KERNEL: +- shm = tee_shm_alloc(ctx, sz, TEE_SHM_MAPPED | TEE_SHM_PRIV); ++ shm = tee_shm_alloc(optee->ctx, sz, ++ TEE_SHM_MAPPED | TEE_SHM_PRIV); + break; + default: + arg->ret = TEEC_ERROR_BAD_PARAMETERS; +@@ -470,7 +472,7 @@ static void handle_rpc_func_cmd(struct t + break; + case OPTEE_MSG_RPC_CMD_SHM_ALLOC: + free_pages_list(call_ctx); +- handle_rpc_func_cmd_shm_alloc(ctx, arg, call_ctx); ++ handle_rpc_func_cmd_shm_alloc(ctx, optee, arg, call_ctx); + break; + case OPTEE_MSG_RPC_CMD_SHM_FREE: + handle_rpc_func_cmd_shm_free(ctx, arg); +@@ -501,7 +503,7 @@ void optee_handle_rpc(struct tee_context + + switch (OPTEE_SMC_RETURN_GET_RPC_FUNC(param->a0)) { + case OPTEE_SMC_RPC_FUNC_ALLOC: +- shm = tee_shm_alloc(ctx, param->a1, ++ shm = tee_shm_alloc(optee->ctx, param->a1, + TEE_SHM_MAPPED | TEE_SHM_PRIV); + if (!IS_ERR(shm) && !tee_shm_get_pa(shm, 0, &pa)) { + reg_pair_from_64(¶m->a1, ¶m->a2, pa); diff --git a/queue-5.10/powerpc-lib-sstep-fix-ptesync-build-error.patch b/queue-5.10/powerpc-lib-sstep-fix-ptesync-build-error.patch new file mode 100644 index 00000000000..e401d667804 --- /dev/null +++ b/queue-5.10/powerpc-lib-sstep-fix-ptesync-build-error.patch @@ -0,0 +1,56 @@ +From fe663df7825811358531dc2e8a52d9eaa5e3515e Mon Sep 17 00:00:00 2001 +From: Anders Roxell +Date: Fri, 11 Feb 2022 01:51:13 +0100 +Subject: powerpc/lib/sstep: fix 'ptesync' build error + +From: Anders Roxell + +commit fe663df7825811358531dc2e8a52d9eaa5e3515e upstream. + +Building tinyconfig with gcc (Debian 11.2.0-16) and assembler (Debian +2.37.90.20220207) the following build error shows up: + + {standard input}: Assembler messages: + {standard input}:2088: Error: unrecognized opcode: `ptesync' + make[3]: *** [/builds/linux/scripts/Makefile.build:287: arch/powerpc/lib/sstep.o] Error 1 + +Add the 'ifdef CONFIG_PPC64' around the 'ptesync' in function +'emulate_update_regs()' to like it is in 'analyse_instr()'. Since it looks like +it got dropped inadvertently by commit 3cdfcbfd32b9 ("powerpc: Change +analyse_instr so it doesn't modify *regs"). + +A key detail is that analyse_instr() will never recognise lwsync or +ptesync on 32-bit (because of the existing ifdef), and as a result +emulate_update_regs() should never be called with an op specifying +either of those on 32-bit. So removing them from emulate_update_regs() +should be a nop in terms of runtime behaviour. + +Fixes: 3cdfcbfd32b9 ("powerpc: Change analyse_instr so it doesn't modify *regs") +Cc: stable@vger.kernel.org # v4.14+ +Suggested-by: Arnd Bergmann +Signed-off-by: Anders Roxell +[mpe: Add last paragraph of change log mentioning analyse_instr() details] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220211005113.1361436-1-anders.roxell@linaro.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/lib/sstep.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/powerpc/lib/sstep.c ++++ b/arch/powerpc/lib/sstep.c +@@ -3062,12 +3062,14 @@ void emulate_update_regs(struct pt_regs + case BARRIER_EIEIO: + eieio(); + break; ++#ifdef CONFIG_PPC64 + case BARRIER_LWSYNC: + asm volatile("lwsync" : : : "memory"); + break; + case BARRIER_PTESYNC: + asm volatile("ptesync" : : : "memory"); + break; ++#endif + } + break; + diff --git a/queue-5.10/series b/queue-5.10/series index 549def33ea6..8a2f037857d 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -66,3 +66,14 @@ libsubcmd-fix-use-after-free-for-realloc-...-0.patch dpaa2-eth-initialize-mutex-used-in-one-step-timestamping-path.patch perf-bpf-defer-freeing-string-after-possible-strlen-on-it.patch selftests-exec-add-non-regular-to-test_gen_progs.patch +alsa-hda-realtek-add-quirk-for-legion-y9000x-2019.patch +alsa-hda-realtek-fix-deadlock-by-coef-mutex.patch +alsa-hda-fix-regression-on-forced-probe-mask-option.patch +alsa-hda-fix-missing-codec-probe-on-shenker-dock-15.patch +asoc-ops-fix-stereo-change-notifications-in-snd_soc_put_volsw.patch +asoc-ops-fix-stereo-change-notifications-in-snd_soc_put_volsw_range.patch +powerpc-lib-sstep-fix-ptesync-build-error.patch +mtd-rawnand-gpmi-don-t-leak-pm-reference-in-error-path.patch +kvm-svm-never-reject-emulation-due-to-smap-errata-for-sev-guests.patch +tee-export-teedev_open-and-teedev_close_context.patch +optee-use-driver-internal-tee_context-for-some-rpc.patch diff --git a/queue-5.10/tee-export-teedev_open-and-teedev_close_context.patch b/queue-5.10/tee-export-teedev_open-and-teedev_close_context.patch new file mode 100644 index 00000000000..6c8401ed1b3 --- /dev/null +++ b/queue-5.10/tee-export-teedev_open-and-teedev_close_context.patch @@ -0,0 +1,76 @@ +From 1e2c3ef0496e72ba9001da5fd1b7ed56ccb30597 Mon Sep 17 00:00:00 2001 +From: Jens Wiklander +Date: Mon, 4 Oct 2021 16:11:52 +0200 +Subject: tee: export teedev_open() and teedev_close_context() + +From: Jens Wiklander + +commit 1e2c3ef0496e72ba9001da5fd1b7ed56ccb30597 upstream. + +Exports the two functions teedev_open() and teedev_close_context() in +order to make it easier to create a driver internal struct tee_context. + +Reviewed-by: Sumit Garg +Signed-off-by: Jens Wiklander +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tee/tee_core.c | 6 ++++-- + include/linux/tee_drv.h | 14 ++++++++++++++ + 2 files changed, 18 insertions(+), 2 deletions(-) + +--- a/drivers/tee/tee_core.c ++++ b/drivers/tee/tee_core.c +@@ -43,7 +43,7 @@ static DEFINE_SPINLOCK(driver_lock); + static struct class *tee_class; + static dev_t tee_devt; + +-static struct tee_context *teedev_open(struct tee_device *teedev) ++struct tee_context *teedev_open(struct tee_device *teedev) + { + int rc; + struct tee_context *ctx; +@@ -70,6 +70,7 @@ err: + return ERR_PTR(rc); + + } ++EXPORT_SYMBOL_GPL(teedev_open); + + void teedev_ctx_get(struct tee_context *ctx) + { +@@ -96,13 +97,14 @@ void teedev_ctx_put(struct tee_context * + kref_put(&ctx->refcount, teedev_ctx_release); + } + +-static void teedev_close_context(struct tee_context *ctx) ++void teedev_close_context(struct tee_context *ctx) + { + struct tee_device *teedev = ctx->teedev; + + teedev_ctx_put(ctx); + tee_device_put(teedev); + } ++EXPORT_SYMBOL_GPL(teedev_close_context); + + static int tee_open(struct inode *inode, struct file *filp) + { +--- a/include/linux/tee_drv.h ++++ b/include/linux/tee_drv.h +@@ -582,4 +582,18 @@ struct tee_client_driver { + #define to_tee_client_driver(d) \ + container_of(d, struct tee_client_driver, driver) + ++/** ++ * teedev_open() - Open a struct tee_device ++ * @teedev: Device to open ++ * ++ * @return a pointer to struct tee_context on success or an ERR_PTR on failure. ++ */ ++struct tee_context *teedev_open(struct tee_device *teedev); ++ ++/** ++ * teedev_close_context() - closes a struct tee_context ++ * @ctx: The struct tee_context to close ++ */ ++void teedev_close_context(struct tee_context *ctx); ++ + #endif /*__TEE_DRV_H*/