From: Greg Kroah-Hartman Date: Thu, 18 Oct 2018 09:13:01 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.18.16~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8707ddde5148bb3294a3c38730fa3ee69d323769;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: clocksource-drivers-ti-32k-add-clock_source_suspend_nonstop-flag-for-non-am43-socs.patch input-atakbd-fix-atari-capslock-behaviour.patch input-atakbd-fix-atari-keymap.patch media-af9035-prevent-buffer-overflow-on-write.patch net-mlx4-use-cpumask_available-for-eq-affinity_mask.patch powerpc-tm-avoid-possible-userspace-r1-corruption-on-reclaim.patch powerpc-tm-fix-userspace-r13-corruption.patch risc-v-include-linux-ftrace.h-in-asm-prototypes.h.patch
---
diff --git a/queue-4.4/clocksource-drivers-ti-32k-add-clock_source_suspend_nonstop-flag-for-non-am43-socs.patch b/queue-4.4/clocksource-drivers-ti-32k-add-clock_source_suspend_nonstop-flag-for-non-am43-socs.patch
new file mode 100644
index 00000000000..0ffeef9f4bd
--- /dev/null
+++ b/queue-4.4/clocksource-drivers-ti-32k-add-clock_source_suspend_nonstop-flag-for-non-am43-socs.patch
@@ -0,0 +1,34 @@
+From foo@baz Thu Oct 18 11:12:46 CEST 2018
+From: Keerthy
+Date: Wed, 8 Aug 2018 18:44:59 +0530
+Subject: clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs
+
+From: Keerthy
+
+[ Upstream commit 3b7d96a0dbb6b630878597a1838fc39f808b761b ]
+
+The 32k clocksource is NONSTOP for non-am43 SoCs. Hence
+add the flag for all the other SoCs.
+
+Reported-by: Tony Lindgren
+Signed-off-by: Keerthy
+Acked-by: Tony Lindgren
+Signed-off-by: Daniel Lezcano
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/clocksource/timer-ti-32k.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/clocksource/timer-ti-32k.c
++++ b/drivers/clocksource/timer-ti-32k.c
+@@ -98,6 +98,9 @@ static void __init ti_32k_timer_init(str
+ return;
+ }
+
++ if (!of_machine_is_compatible("ti,am43"))
++ ti_32k_timer.cs.flags |= CLOCK_SOURCE_SUSPEND_NONSTOP;
++
+ ti_32k_timer.counter = ti_32k_timer.base;
+
+ /*
diff --git a/queue-4.4/input-atakbd-fix-atari-capslock-behaviour.patch b/queue-4.4/input-atakbd-fix-atari-capslock-behaviour.patch
new file mode 100644
index 00000000000..e379d37f7ba
--- /dev/null
+++ b/queue-4.4/input-atakbd-fix-atari-capslock-behaviour.patch
@@ -0,0 +1,44 @@
+From foo@baz Thu Oct 18 11:12:46 CEST 2018
+From: Michael Schmitz
+Date: Mon, 17 Sep 2018 15:27:49 -0700
+Subject: Input: atakbd - fix Atari CapsLock behaviour
+
+From: Michael Schmitz
+
+[ Upstream commit 52d2c7bf7c90217fbe875d2d76f310979c48eb83 ]
+
+The CapsLock key on Atari keyboards is not a toggle, it does send the
+normal make and break scancodes.
+
+Drop the CapsLock toggle handling code, which did cause the CapsLock
+key to merely act as a Shift key.
+
+Tested-by: Michael Schmitz
+Signed-off-by: Michael Schmitz
+Signed-off-by: Andreas Schwab
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/input/keyboard/atakbd.c | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+--- a/drivers/input/keyboard/atakbd.c
++++ b/drivers/input/keyboard/atakbd.c
+@@ -189,14 +189,8 @@ static void atakbd_interrupt(unsigned ch
+
+ scancode = atakbd_keycode[scancode];
+
+- if (scancode == KEY_CAPSLOCK) { /* CapsLock is a toggle switch key on Amiga */
+- input_report_key(atakbd_dev, scancode, 1);
+- input_report_key(atakbd_dev, scancode, 0);
+- input_sync(atakbd_dev);
+- } else {
+- input_report_key(atakbd_dev, scancode, down);
+- input_sync(atakbd_dev);
+- }
++ input_report_key(atakbd_dev, scancode, down);
++ input_sync(atakbd_dev);
+ } else /* scancodes >= 0xf3 are mouse data, most likely */
+ printk(KERN_INFO "atakbd: unhandled scancode %x\n", scancode);
+
diff --git a/queue-4.4/input-atakbd-fix-atari-keymap.patch b/queue-4.4/input-atakbd-fix-atari-keymap.patch
new file mode 100644
index 00000000000..cdceea5ef50
--- /dev/null
+++ b/queue-4.4/input-atakbd-fix-atari-keymap.patch
@@ -0,0 +1,133 @@
+From foo@baz Thu Oct 18 11:12:46 CEST 2018
+From: Andreas Schwab
+Date: Mon, 17 Sep 2018 12:43:34 -0700
+Subject: Input: atakbd - fix Atari keymap
+
+From: Andreas Schwab
+
+[ Upstream commit 9e62df51be993035c577371ffee5477697a56aad ]
+
+Fix errors in Atari keymap (mostly in keypad, help and undo keys).
+
+Patch provided on debian-68k ML by Andreas Schwab ,
+keymap array size and unhandled scancode limit adjusted to 0x73 by me.
+
+Tested-by: Michael Schmitz
+Signed-off-by: Michael Schmitz
+Signed-off-by: Andreas Schwab
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/input/keyboard/atakbd.c | 64 ++++++++++++++++------------------------
+ 1 file changed, 26 insertions(+), 38 deletions(-)
+
+--- a/drivers/input/keyboard/atakbd.c
++++ b/drivers/input/keyboard/atakbd.c
+@@ -79,8 +79,7 @@ MODULE_LICENSE("GPL");
+ */
+
+
+-static unsigned char atakbd_keycode[0x72] = { /* American layout */
+- [0] = KEY_GRAVE,
++static unsigned char atakbd_keycode[0x73] = { /* American layout */
+ [1] = KEY_ESC,
+ [2] = KEY_1,
+ [3] = KEY_2,
+@@ -121,9 +120,9 @@ static unsigned char atakbd_keycode[0x72
+ [38] = KEY_L,
+ [39] = KEY_SEMICOLON,
+ [40] = KEY_APOSTROPHE,
+- [41] = KEY_BACKSLASH, /* FIXME, '#' */
++ [41] = KEY_GRAVE,
+ [42] = KEY_LEFTSHIFT,
+- [43] = KEY_GRAVE, /* FIXME: '~' */
++ [43] = KEY_BACKSLASH,
+ [44] = KEY_Z,
+ [45] = KEY_X,
+ [46] = KEY_C,
+@@ -149,45 +148,34 @@ static unsigned char atakbd_keycode[0x72
+ [66] = KEY_F8,
+ [67] = KEY_F9,
+ [68] = KEY_F10,
+- [69] = KEY_ESC,
+- [70] = KEY_DELETE,
+- [71] = KEY_KP7,
+- [72] = KEY_KP8,
+- [73] = KEY_KP9,
++ [71] = KEY_HOME,
++ [72] = KEY_UP,
+ [74] = KEY_KPMINUS,
+- [75] = KEY_KP4,
+- [76] = KEY_KP5,
+- [77] = KEY_KP6,
++ [75] = KEY_LEFT,
++ [77] = KEY_RIGHT,
+ [78] = KEY_KPPLUS,
+- [79] = KEY_KP1,
+- [80] = KEY_KP2,
+- [81] = KEY_KP3,
+- [82] = KEY_KP0,
+- [83] = KEY_KPDOT,
+- [90] = KEY_KPLEFTPAREN,
+- [91] = KEY_KPRIGHTPAREN,
+- [92] = KEY_KPASTERISK, /* FIXME */
+- [93] = KEY_KPASTERISK,
+- [94] = KEY_KPPLUS,
+- [95] = KEY_HELP,
++ [80] = KEY_DOWN,
++ [82] = KEY_INSERT,
++ [83] = KEY_DELETE,
+ [96] = KEY_102ND,
+- [97] = KEY_KPASTERISK, /* FIXME */
+- [98] = KEY_KPSLASH,
++ [97] = KEY_UNDO,
++ [98] = KEY_HELP,
+ [99] = KEY_KPLEFTPAREN,
+ [100] = KEY_KPRIGHTPAREN,
+ [101] = KEY_KPSLASH,
+ [102] = KEY_KPASTERISK,
+- [103] = KEY_UP,
+- [104] = KEY_KPASTERISK, /* FIXME */
+- [105] = KEY_LEFT,
+- [106] = KEY_RIGHT,
+- [107] = KEY_KPASTERISK, /* FIXME */
+- [108] = KEY_DOWN,
+- [109] = KEY_KPASTERISK, /* FIXME */
+- [110] = KEY_KPASTERISK, /* FIXME */
+- [111] = KEY_KPASTERISK, /* FIXME */
+- [112] = KEY_KPASTERISK, /* FIXME */
+- [113] = KEY_KPASTERISK /* FIXME */
++ [103] = KEY_KP7,
++ [104] = KEY_KP8,
++ [105] = KEY_KP9,
++ [106] = KEY_KP4,
++ [107] = KEY_KP5,
++ [108] = KEY_KP6,
++ [109] = KEY_KP1,
++ [110] = KEY_KP2,
++ [111] = KEY_KP3,
++ [112] = KEY_KP0,
++ [113] = KEY_KPDOT,
++ [114] = KEY_KPENTER,
+ };
+
+ static struct input_dev *atakbd_dev;
+@@ -195,7 +183,7 @@ static struct input_dev *atakbd_dev;
+ static void atakbd_interrupt(unsigned char scancode, char down)
+ {
+
+- if (scancode < 0x72) { /* scancodes < 0xf2 are keys */
++ if (scancode < 0x73) { /* scancodes < 0xf3 are keys */
+
+ // report raw events here?
+
+@@ -209,7 +197,7 @@ static void atakbd_interrupt(unsigned ch
+ input_report_key(atakbd_dev, scancode, down);
+ input_sync(atakbd_dev);
+ }
+- } else /* scancodes >= 0xf2 are mouse data, most likely */
++ } else /* scancodes >= 0xf3 are mouse data, most likely */
+ printk(KERN_INFO "atakbd: unhandled scancode %x\n", scancode);
+
+ return;
diff --git a/queue-4.4/media-af9035-prevent-buffer-overflow-on-write.patch b/queue-4.4/media-af9035-prevent-buffer-overflow-on-write.patch
new file mode 100644
index 00000000000..8e00bc3a3e5
--- /dev/null
+++ b/queue-4.4/media-af9035-prevent-buffer-overflow-on-write.patch
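Review bot: The table size in `atakbd_keycode[0x73]` and the index guard `if (scancode < 0x73)` are the same magic number written in two places, so a later keymap change that touches only one of them turns the `atakbd_keycode[scancode]` lookup into an out-of-bounds read. Deriving the guard from the table, `if (scancode < ARRAY_SIZE(atakbd_keycode)) {`, keeps the bound tied to the array. The adjacent comments say `0xf3` while the code tests `0x73`; a comment such as `/* scancodes below the keymap size are keys */` would match what is actually checked. atakbd_interrupt's body continues outside the hunks shown.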
@@ -0,0 +1,40 @@
+From foo@baz Thu Oct 18 11:12:46 CEST 2018
+From: Jozef Balga
+Date: Tue, 21 Aug 2018 05:01:04 -0400
+Subject: media: af9035: prevent buffer overflow on write
+
+From: Jozef Balga
+
+[ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ]
+
+When less than 3 bytes are written to the device, memcpy is called with
+negative array size which leads to buffer overflow and kernel panic. This
+patch adds a condition and returns -EOPNOTSUPP instead.
+Fixes bugzilla issue 64871
+
+[mchehab+samsung@kernel.org: fix a merge conflict and changed the
+ condition to match the patch's comment, e. g. len == 3 could
+ also be valid]
+Signed-off-by: Jozef Balga
+Signed-off-by: Mauro Carvalho Chehab
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/media/usb/dvb-usb-v2/af9035.c
++++ b/drivers/media/usb/dvb-usb-v2/af9035.c
+@@ -389,8 +389,10 @@ static int af9035_i2c_master_xfer(struct
+ msg[0].addr == (state->af9033_i2c_addr[1] >> 1))
+ reg |= 0x100000;
+
+- ret = af9035_wr_regs(d, reg, &msg[0].buf[3],
+- msg[0].len - 3);
++ ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg,
++ &msg[0].buf[3],
++ msg[0].len - 3)
++ : -EOPNOTSUPP;
+ } else {
+ /* I2C write */
+ u8 buf[MAX_XFER_SIZE];
diff --git a/queue-4.4/net-mlx4-use-cpumask_available-for-eq-affinity_mask.patch b/queue-4.4/net-mlx4-use-cpumask_available-for-eq-affinity_mask.patch
new file mode 100644
index 00000000000..fdccb8ebe02
--- /dev/null
+++ b/queue-4.4/net-mlx4-use-cpumask_available-for-eq-affinity_mask.patch
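Review bot: The new `msg[0].len >= 3` test guards only the `af9035_wr_regs()` call, while `reg` is assembled above the hunk (only `reg |= 0x100000;` is visible); if that code indexes `msg[0].buf[0]` to `msg[0].buf[2]`, a message shorter than three bytes is still read past its end before the conditional rejects it. Checking the length before any byte of `buf` is used would close that gap, and a plain `if (msg[0].len < 3) ret = -EOPNOTSUPP;` followed by an `else` holding the original call reads more easily than the four-line conditional expression. The `/* I2C write */` branch that follows copies into `u8 buf[MAX_XFER_SIZE]` outside the hunk, so its length handling is worth confirming in the same pass. af9035_i2c_master_xfer starts and ends outside the hunk.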
@@ -0,0 +1,44 @@
+From foo@baz Thu Oct 18 11:12:46 CEST 2018
+From: Nathan Chancellor
+Date: Fri, 21 Sep 2018 02:44:12 -0700
+Subject: net/mlx4: Use cpumask_available for eq->affinity_mask
+
+From: Nathan Chancellor
+
+[ Upstream commit 8ac1ee6f4d62e781e3b3fd8b9c42b70371427669 ]
+
+Clang warns that the address of a pointer will always evaluated as true
+in a boolean context:
+
+drivers/net/ethernet/mellanox/mlx4/eq.c:243:11: warning: address of
+array 'eq->affinity_mask' will always evaluate to 'true'
+[-Wpointer-bool-conversion]
+ if (!eq->affinity_mask || cpumask_empty(eq->affinity_mask))
+ ~~~~~^~~~~~~~~~~~~
+1 warning generated.
+
+Use cpumask_available, introduced in commit f7e30f01a9e2 ("cpumask: Add
+helper cpumask_available()"), which does the proper checking and avoids
+this warning.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/86
+Signed-off-by: Nathan Chancellor
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/ethernet/mellanox/mlx4/eq.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/mellanox/mlx4/eq.c
++++ b/drivers/net/ethernet/mellanox/mlx4/eq.c
+@@ -228,7 +228,8 @@ static void mlx4_set_eq_affinity_hint(st
+ struct mlx4_dev *dev = &priv->dev;
+ struct mlx4_eq *eq = &priv->eq_table.eq[vec];
+
+- if (!eq->affinity_mask || cpumask_empty(eq->affinity_mask))
++ if (!cpumask_available(eq->affinity_mask) ||
++ cpumask_empty(eq->affinity_mask))
+ return;
+
+ hint_err = irq_set_affinity_hint(eq->irq, eq->affinity_mask);
diff --git a/queue-4.4/powerpc-tm-avoid-possible-userspace-r1-corruption-on-reclaim.patch b/queue-4.4/powerpc-tm-avoid-possible-userspace-r1-corruption-on-reclaim.patch
new file mode 100644
index 00000000000..8aa86840a1a
--- /dev/null
+++ b/queue-4.4/powerpc-tm-avoid-possible-userspace-r1-corruption-on-reclaim.patch
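Review bot: `cpumask_available()` comes from commit f7e30f01a9e2 according to the message, and none of the patches this commit adds to `series` brings that helper in, so the 4.4 tree must already carry it or `eq.c` will fail to build. Confirm it against the 4.4 headers, or queue the helper ahead of this patch. Since the change only silences a Clang warning, leaving it out of 4.4 is also a reasonable outcome.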
@@ -0,0 +1,59 @@
+From foo@baz Thu Oct 18 11:12:46 CEST 2018
+From: Michael Neuling
+Date: Tue, 25 Sep 2018 19:36:47 +1000
+Subject: powerpc/tm: Avoid possible userspace r1 corruption on reclaim
+
+From: Michael Neuling
+
+[ Upstream commit 96dc89d526ef77604376f06220e3d2931a0bfd58 ]
+
+Current we store the userspace r1 to PACATMSCRATCH before finally
+saving it to the thread struct.
+
+In theory an exception could be taken here (like a machine check or
+SLB miss) that could write PACATMSCRATCH and hence corrupt the
+userspace r1. The SLB fault currently doesn't touch PACATMSCRATCH, but
+others do.
+
+We've never actually seen this happen but it's theoretically
+possible. Either way, the code is fragile as it is.
+
+This patch saves r1 to the kernel stack (which can't fault) before we
+turn MSR[RI] back on. PACATMSCRATCH is still used but only with
+MSR[RI] off. We then copy r1 from the kernel stack to the thread
+struct once we have MSR[RI] back on.
+
+Suggested-by: Breno Leitao
+Signed-off-by: Michael Neuling
+Signed-off-by: Michael Ellerman
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/powerpc/kernel/tm.S | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/arch/powerpc/kernel/tm.S
++++ b/arch/powerpc/kernel/tm.S
+@@ -202,6 +202,13 @@ dont_backup_fp:
+ std r11, GPR11(r1) /* Temporary stash */
+
+ /*
++ * Move the saved user r1 to the kernel stack in case PACATMSCRATCH is
++ * clobbered by an exception once we turn on MSR_RI below.
++ */
++ ld r11, PACATMSCRATCH(r13)
++ std r11, GPR1(r1)
++
++ /*
+ * Store r13 away so we can free up the scratch SPR for the SLB fault
+ * handler (needed once we start accessing the thread_struct).
+ */
+@@ -237,7 +244,7 @@ dont_backup_fp:
+ SAVE_GPR(8, r7) /* user r8 */
+ SAVE_GPR(9, r7) /* user r9 */
+ SAVE_GPR(10, r7) /* user r10 */
+- ld r3, PACATMSCRATCH(r13) /* user r1 */
++ ld r3, GPR1(r1) /* user r1 */
+ ld r4, GPR7(r1) /* user r7 */
+ ld r5, GPR11(r1) /* user r11 */
+ ld r6, GPR12(r1) /* user r12 */
diff --git a/queue-4.4/powerpc-tm-fix-userspace-r13-corruption.patch b/queue-4.4/powerpc-tm-fix-userspace-r13-corruption.patch
new file mode 100644
index 00000000000..bc3baf5fd69
--- /dev/null
+++ b/queue-4.4/powerpc-tm-fix-userspace-r13-corruption.patch
@@ -0,0 +1,64 @@
+From foo@baz Thu Oct 18 11:12:46 CEST 2018
+From: Michael Neuling
+Date: Mon, 24 Sep 2018 17:27:04 +1000
+Subject: powerpc/tm: Fix userspace r13 corruption
+
+From: Michael Neuling
+
+[ Upstream commit cf13435b730a502e814c63c84d93db131e563f5f ]
+
+When we treclaim we store the userspace checkpointed r13 to a scratch
+SPR and then later save the scratch SPR to the user thread struct.
+
+Unfortunately, this doesn't work as accessing the user thread struct
+can take an SLB fault and the SLB fault handler will write the same
+scratch SPRG that now contains the userspace r13.
+
+To fix this, we store r13 to the kernel stack (which can't fault)
+before we access the user thread struct.
+
+Found by running P8 guest + powervm + disable_1tb_segments + TM. Seen
+as a random userspace segfault with r13 looking like a kernel address.
+
+Signed-off-by: Michael Neuling
+Reviewed-by: Breno Leitao
+Signed-off-by: Michael Ellerman
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/powerpc/kernel/tm.S | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/arch/powerpc/kernel/tm.S
++++ b/arch/powerpc/kernel/tm.S
+@@ -199,13 +199,20 @@ dont_backup_fp:
+ std r1, PACATMSCRATCH(r13)
+ ld r1, PACAR1(r13)
+
+- /* Store the PPR in r11 and reset to decent value */
+ std r11, GPR11(r1) /* Temporary stash */
+
++ /*
++ * Store r13 away so we can free up the scratch SPR for the SLB fault
++ * handler (needed once we start accessing the thread_struct).
++ */
++ GET_SCRATCH0(r11)
++ std r11, GPR13(r1)
++
+ /* Reset MSR RI so we can take SLB faults again */
+ li r11, MSR_RI
+ mtmsrd r11, 1
+
++ /* Store the PPR in r11 and reset to decent value */
+ mfspr r11, SPRN_PPR
+ HMT_MEDIUM
+
+@@ -234,7 +241,7 @@ dont_backup_fp:
+ ld r4, GPR7(r1) /* user r7 */
+ ld r5, GPR11(r1) /* user r11 */
+ ld r6, GPR12(r1) /* user r12 */
+- GET_SCRATCH0(8) /* user r13 */
++ ld r8, GPR13(r1) /* user r13 */
+ std r3, GPR1(r7)
+ std r4, GPR7(r7)
+ std r5, GPR11(r7)
diff --git a/queue-4.4/risc-v-include-linux-ftrace.h-in-asm-prototypes.h.patch b/queue-4.4/risc-v-include-linux-ftrace.h-in-asm-prototypes.h.patch
new file mode 100644
index 00000000000..fbf03529680
--- /dev/null
+++ b/queue-4.4/risc-v-include-linux-ftrace.h-in-asm-prototypes.h.patch
@@ -0,0 +1,42 @@
+From foo@baz Thu Oct 18 11:12:46 CEST 2018
+From: James Cowgill
+Date: Thu, 6 Sep 2018 22:57:56 +0100
+Subject: RISC-V: include linux/ftrace.h in asm-prototypes.h
+
+From: James Cowgill
+
+[ Upstream commit 57a489786de9ec37d6e25ef1305dc337047f0236 ]
+
+Building a riscv kernel with CONFIG_FUNCTION_TRACER and
+CONFIG_MODVERSIONS enabled results in these two warnings:
+
+ MODPOST vmlinux.o
+WARNING: EXPORT symbol "return_to_handler" [vmlinux] version generation failed, symbol will not be versioned.
+WARNING: EXPORT symbol "_mcount" [vmlinux] version generation failed, symbol will not be versioned.
+
+When exporting symbols from an assembly file, the MODVERSIONS code
+requires their prototypes to be defined in asm-prototypes.h (see
+scripts/Makefile.build). Since both of these symbols have prototypes
+defined in linux/ftrace.h, include this header from RISC-V's
+asm-prototypes.h.
+
+Reported-by: Karsten Merker
+Signed-off-by: James Cowgill
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/include/asm/asm-prototypes.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+ create mode 100644 arch/riscv/include/asm/asm-prototypes.h
+
+--- /dev/null
++++ b/arch/riscv/include/asm/asm-prototypes.h
+@@ -0,0 +1,7 @@
++/* SPDX-License-Identifier: GPL-2.0 */
++#ifndef _ASM_RISCV_PROTOTYPES_H
++
++#include
++#include
++
++#endif /* _ASM_RISCV_PROTOTYPES_H */
diff --git a/queue-4.4/series b/queue-4.4/series
index 17480187ef5..e5e6ec786f0 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
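Review bot: The new header opens with `#ifndef _ASM_RISCV_PROTOTYPES_H` but never defines that macro, so the guard does not stop a second inclusion; add `#define _ASM_RISCV_PROTOTYPES_H` on the line after the `#ifndef`. Separately, this patch creates a file under `arch/riscv/` from the 4.4 queue, so confirm that the 4.4 tree has that architecture directory at all; if it does not, the patch leaves behind a header nothing can include and should be dropped from this queue.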
@@ -32,3 +32,11 @@ kvm-x86-remove-eager_fpu-field-of-struct-kvm_vcpu_arch.patch
 x86-fpu-remove-use_eager_fpu.patch
 x86-fpu-remove-struct-fpu-counter.patch
 x86-fpu-finish-excising-eagerfpu.patch
+media-af9035-prevent-buffer-overflow-on-write.patch
+clocksource-drivers-ti-32k-add-clock_source_suspend_nonstop-flag-for-non-am43-socs.patch
+input-atakbd-fix-atari-keymap.patch
+input-atakbd-fix-atari-capslock-behaviour.patch
+net-mlx4-use-cpumask_available-for-eq-affinity_mask.patch
+risc-v-include-linux-ftrace.h-in-asm-prototypes.h.patch
+powerpc-tm-fix-userspace-r13-corruption.patch
+powerpc-tm-avoid-possible-userspace-r1-corruption-on-reclaim.patch