From: Greg Kroah-Hartman Date: Thu, 5 Jul 2018 16:54:33 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.14.54~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=819edbe1c0148024d8d6b3ab52f09127fb31172f;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: ath10k-fix-rfc1042-header-retrieval-in-qca4019-with-eth-decap-mode.patch i2c-rcar-fix-resume-by-always-initializing-registers-before-transfer.patch ipv4-fix-error-return-value-in-fib_convert_metrics.patch kprobes-x86-do-not-modify-singlestep-buffer-while-resuming.patch --- diff --git a/queue-4.4/ath10k-fix-rfc1042-header-retrieval-in-qca4019-with-eth-decap-mode.patch b/queue-4.4/ath10k-fix-rfc1042-header-retrieval-in-qca4019-with-eth-decap-mode.patch new file mode 100644 index 00000000000..d103a579b34 --- /dev/null +++ b/queue-4.4/ath10k-fix-rfc1042-header-retrieval-in-qca4019-with-eth-decap-mode.patch @@ -0,0 +1,48 @@ +From 2f38c3c01de945234d23dd163e3528ccb413066d Mon Sep 17 00:00:00 2001 +From: Vasanthakumar Thiagarajan +Date: Mon, 26 Sep 2016 21:56:24 +0300 +Subject: ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode + +From: Vasanthakumar Thiagarajan + +commit 2f38c3c01de945234d23dd163e3528ccb413066d upstream. + +Chipset from QCA99X0 onwards (QCA99X0, QCA9984, QCA4019 & future) +rx_hdr_status is not padded to align in 4-byte boundary. Define a +new hw_params field to handle different alignment behaviour between +different hw. This patch fixes improper retrieval of rfc1042 header +with QCA4019. This patch along with "ath10k: Properly remove padding +from the start of rx payload" will fix traffic failure in ethernet +decap mode for QCA4019. + +Signed-off-by: Vasanthakumar Thiagarajan +Signed-off-by: Kalle Valo +[bwh: This just adds the part that was left out of the previous backport, + commit b88fb9ea475a.] +Signed-off-by: Ben Hutchings +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/ath/ath10k/htt_rx.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/ath/ath10k/htt_rx.c ++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c +@@ -1166,6 +1166,7 @@ static void *ath10k_htt_rx_h_find_rfc104 + size_t hdr_len, crypto_len; + void *rfc1042; + bool is_first, is_last, is_amsdu; ++ int bytes_aligned = ar->hw_params.decap_align_bytes; + + rxd = (void *)msdu->data - sizeof(*rxd); + hdr = (void *)rxd->rx_hdr_status; +@@ -1182,8 +1183,8 @@ static void *ath10k_htt_rx_h_find_rfc104 + hdr_len = ieee80211_hdrlen(hdr->frame_control); + crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype); + +- rfc1042 += round_up(hdr_len, 4) + +- round_up(crypto_len, 4); ++ rfc1042 += round_up(hdr_len, bytes_aligned) + ++ round_up(crypto_len, bytes_aligned); + } + + if (is_amsdu) diff --git a/queue-4.4/i2c-rcar-fix-resume-by-always-initializing-registers-before-transfer.patch b/queue-4.4/i2c-rcar-fix-resume-by-always-initializing-registers-before-transfer.patch new file mode 100644 index 00000000000..2f98700c632 --- /dev/null +++ b/queue-4.4/i2c-rcar-fix-resume-by-always-initializing-registers-before-transfer.patch @@ -0,0 +1,43 @@ +From ae481cc139658e89eb3ea671dd00b67bd87f01a3 Mon Sep 17 00:00:00 2001 +From: Wolfram Sang +Date: Tue, 18 Apr 2017 20:38:35 +0200 +Subject: i2c: rcar: fix resume by always initializing registers before transfer + +From: Wolfram Sang + +commit ae481cc139658e89eb3ea671dd00b67bd87f01a3 upstream. + +Resume failed because of uninitialized registers. Instead of adding a +resume callback, we simply initialize registers before every transfer. +This lightweight change is more robust and will keep us safe if we ever +need support for power domains or dynamic frequency changes. + +Signed-off-by: Wolfram Sang +Acked-by: Kuninori Morimoto +Signed-off-by: Wolfram Sang +Cc: Ben Hutchings +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/i2c/busses/i2c-rcar.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/i2c/busses/i2c-rcar.c ++++ b/drivers/i2c/busses/i2c-rcar.c +@@ -484,6 +484,8 @@ static int rcar_i2c_master_xfer(struct i + + pm_runtime_get_sync(dev); + ++ rcar_i2c_init(priv); ++ + ret = rcar_i2c_bus_barrier(priv); + if (ret < 0) + goto out; +@@ -624,7 +626,6 @@ static int rcar_i2c_probe(struct platfor + if (ret < 0) + goto out_pm_put; + +- rcar_i2c_init(priv); + pm_runtime_put(dev); + + irq = platform_get_irq(pdev, 0); diff --git a/queue-4.4/ipv4-fix-error-return-value-in-fib_convert_metrics.patch b/queue-4.4/ipv4-fix-error-return-value-in-fib_convert_metrics.patch new file mode 100644 index 00000000000..4b94308922b --- /dev/null +++ b/queue-4.4/ipv4-fix-error-return-value-in-fib_convert_metrics.patch @@ -0,0 +1,34 @@ +From ben.hutchings@codethink.co.uk Thu Jul 5 18:24:02 2018 +From: Ben Hutchings +Date: Tue, 19 Jun 2018 18:47:52 +0100 +Subject: ipv4: Fix error return value in fib_convert_metrics() +To: Greg Kroah-Hartman +Cc: stable@vger.kernel.org, Eric Dumazet +Message-ID: <20180619174752.tpvgu5pcvuzwac6c@xylophone.i.decadent.org.uk> +Content-Disposition: inline + +From: Ben Hutchings + +The validation code modified by commit 5b5e7a0de2bb ("net: metrics: +add proper netlink validation") is organised differently in older +kernel versions. The fib_convert_metrics() function that is modified +in the backports to 4.4 and 4.9 needs to returns an error code, not a +success flag. + +Signed-off-by: Ben Hutchings +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/fib_semantics.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv4/fib_semantics.c ++++ b/net/ipv4/fib_semantics.c +@@ -980,7 +980,7 @@ fib_convert_metrics(struct fib_info *fi, + return -EINVAL; + } else { + if (nla_len(nla) != sizeof(u32)) +- return false; ++ return -EINVAL; + val = nla_get_u32(nla); + } + if (type == RTAX_ADVMSS && val > 65535 - 40) diff --git a/queue-4.4/kprobes-x86-do-not-modify-singlestep-buffer-while-resuming.patch b/queue-4.4/kprobes-x86-do-not-modify-singlestep-buffer-while-resuming.patch new file mode 100644 index 00000000000..cda8903c3c9 --- /dev/null +++ b/queue-4.4/kprobes-x86-do-not-modify-singlestep-buffer-while-resuming.patch @@ -0,0 +1,107 @@ +From 804dec5bda9b4fcdab5f67fe61db4a0498af5221 Mon Sep 17 00:00:00 2001 +From: Masami Hiramatsu +Date: Wed, 29 Mar 2017 14:00:25 +0900 +Subject: kprobes/x86: Do not modify singlestep buffer while resuming + +From: Masami Hiramatsu + +commit 804dec5bda9b4fcdab5f67fe61db4a0498af5221 upstream. + +Do not modify singlestep execution buffer (kprobe.ainsn.insn) +while resuming from single-stepping, instead, modifies +the buffer to add a jump back instruction at preparing +buffer. + +Signed-off-by: Masami Hiramatsu +Cc: Ananth N Mavinakayanahalli +Cc: Andrey Ryabinin +Cc: Anil S Keshavamurthy +Cc: Borislav Petkov +Cc: Brian Gerst +Cc: David S . Miller +Cc: Denys Vlasenko +Cc: H. Peter Anvin +Cc: Josh Poimboeuf +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: Ye Xiaolong +Link: http://lkml.kernel.org/r/149076361560.22469.1610155860343077495.stgit@devbox +Signed-off-by: Ingo Molnar +Reviewed-by: "Steven Rostedt (VMware)" +Signed-off-by: Alexey Makhalov +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/kprobes/core.c | 42 +++++++++++++++++++---------------------- + 1 file changed, 20 insertions(+), 22 deletions(-) + +--- a/arch/x86/kernel/kprobes/core.c ++++ b/arch/x86/kernel/kprobes/core.c +@@ -411,25 +411,38 @@ void free_insn_page(void *page) + module_memfree(page); + } + ++/* Prepare reljump right after instruction to boost */ ++static void prepare_boost(struct kprobe *p, int length) ++{ ++ if (can_boost(p->ainsn.insn, p->addr) && ++ MAX_INSN_SIZE - length >= RELATIVEJUMP_SIZE) { ++ /* ++ * These instructions can be executed directly if it ++ * jumps back to correct address. ++ */ ++ synthesize_reljump(p->ainsn.insn + length, p->addr + length); ++ p->ainsn.boostable = 1; ++ } else { ++ p->ainsn.boostable = -1; ++ } ++} ++ + static int arch_copy_kprobe(struct kprobe *p) + { +- int ret; ++ int len; + + set_memory_rw((unsigned long)p->ainsn.insn & PAGE_MASK, 1); + + /* Copy an instruction with recovering if other optprobe modifies it.*/ +- ret = __copy_instruction(p->ainsn.insn, p->addr); +- if (!ret) ++ len = __copy_instruction(p->ainsn.insn, p->addr); ++ if (!len) + return -EINVAL; + + /* + * __copy_instruction can modify the displacement of the instruction, + * but it doesn't affect boostable check. + */ +- if (can_boost(p->ainsn.insn, p->addr)) +- p->ainsn.boostable = 0; +- else +- p->ainsn.boostable = -1; ++ prepare_boost(p, len); + + set_memory_ro((unsigned long)p->ainsn.insn & PAGE_MASK, 1); + +@@ -894,21 +907,6 @@ static void resume_execution(struct kpro + break; + } + +- if (p->ainsn.boostable == 0) { +- if ((regs->ip > copy_ip) && +- (regs->ip - copy_ip) + 5 < MAX_INSN_SIZE) { +- /* +- * These instructions can be executed directly if it +- * jumps back to correct address. +- */ +- synthesize_reljump((void *)regs->ip, +- (void *)orig_ip + (regs->ip - copy_ip)); +- p->ainsn.boostable = 1; +- } else { +- p->ainsn.boostable = -1; +- } +- } +- + regs->ip += orig_ip - copy_ip; + + no_change: diff --git a/queue-4.4/series b/queue-4.4/series index c6b076b35fb..dd83658af19 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -5,3 +5,7 @@ n_tty-fix-stall-at-n_tty_receive_char_special.patch staging-android-ion-return-an-err_ptr-in-ion_map_kernel.patch n_tty-access-echo_-variables-carefully.patch x86-boot-fix-early-command-line-parsing-when-matching-at-end.patch +ath10k-fix-rfc1042-header-retrieval-in-qca4019-with-eth-decap-mode.patch +i2c-rcar-fix-resume-by-always-initializing-registers-before-transfer.patch +ipv4-fix-error-return-value-in-fib_convert_metrics.patch +kprobes-x86-do-not-modify-singlestep-buffer-while-resuming.patch