From: Sasha Levin Date: Fri, 5 Mar 2021 03:36:48 +0000 (-0500) Subject: Fixes for 4.19 X-Git-Tag: v4.4.260~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8741488093fac648f23bc9126d4848a61d255fdd;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.19 Signed-off-by: Sasha Levin --- diff --git a/queue-4.19/asoc-intel-bytcr_rt5640-add-quirk-for-the-acer-one-s.patch b/queue-4.19/asoc-intel-bytcr_rt5640-add-quirk-for-the-acer-one-s.patch new file mode 100644 index 00000000000..ad25278b4f6 --- /dev/null +++ b/queue-4.19/asoc-intel-bytcr_rt5640-add-quirk-for-the-acer-one-s.patch @@ -0,0 +1,55 @@ +From 5a1da4ccdfac9b44f9454282f7472b91ac8958ee Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 16 Feb 2021 22:35:55 +0100 +Subject: ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet + +From: Hans de Goede + +[ Upstream commit c58947af08aedbdee0fce5ea6e6bf3e488ae0e2c ] + +The Acer One S1002 tablet is using an analog mic on IN1 and has +its jack-detect connected to JD2_IN4N, instead of using the default +IN3 for its internal mic and JD1_IN4P for jack-detect. + +Note it is also using AIF2 instead of AIF1 which is somewhat unusual, +this is correctly advertised in the ACPI CHAN package, so the speakers +do work without the quirk. + +Add a quirk for the mic and jack-detect settings. + +Signed-off-by: Hans de Goede +Acked-by: Pierre-Louis Bossart +Link: https://lore.kernel.org/r/20210216213555.36555-5-hdegoede@redhat.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/intel/boards/bytcr_rt5640.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c +index 910214ab140e..8a943de1e5b5 100644 +--- a/sound/soc/intel/boards/bytcr_rt5640.c ++++ b/sound/soc/intel/boards/bytcr_rt5640.c +@@ -409,6 +409,19 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = { + BYT_RT5640_SSP0_AIF1 | + BYT_RT5640_MCLK_EN), + }, ++ { /* Acer One 10 S1002 */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Acer"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "One S1002"), ++ }, ++ .driver_data = (void *)(BYT_RT5640_IN1_MAP | ++ BYT_RT5640_JD_SRC_JD2_IN4N | ++ BYT_RT5640_OVCD_TH_2000UA | ++ BYT_RT5640_OVCD_SF_0P75 | ++ BYT_RT5640_DIFF_MIC | ++ BYT_RT5640_SSP0_AIF2 | ++ BYT_RT5640_MCLK_EN), ++ }, + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Acer"), +-- +2.30.1 + diff --git a/queue-4.19/asoc-intel-bytcr_rt5640-add-quirk-for-the-estar-beau.patch b/queue-4.19/asoc-intel-bytcr_rt5640-add-quirk-for-the-estar-beau.patch new file mode 100644 index 00000000000..2cfe45ca544 --- /dev/null +++ b/queue-4.19/asoc-intel-bytcr_rt5640-add-quirk-for-the-estar-beau.patch @@ -0,0 +1,49 @@ +From a4372d2cc1289f412c75f16b33d918f572c8bc86 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 16 Feb 2021 22:35:52 +0100 +Subject: ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID + 7316R tablet + +From: Hans de Goede + +[ Upstream commit bdea43fc0436c9e98fdfe151c2ed8a3fc7277404 ] + +The Estar Beauty HD MID 7316R tablet almost fully works with out default +settings. The only problem is that it has only 1 speaker so any sounds +only playing on the right channel get lost. + +Add a quirk for this model using the default settings + MONO_SPEAKER. + +Signed-off-by: Hans de Goede +Acked-by: Pierre-Louis Bossart +Link: https://lore.kernel.org/r/20210216213555.36555-2-hdegoede@redhat.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/intel/boards/bytcr_rt5640.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c +index ec630127ef2f..4dd1941d4147 100644 +--- a/sound/soc/intel/boards/bytcr_rt5640.c ++++ b/sound/soc/intel/boards/bytcr_rt5640.c +@@ -510,6 +510,16 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = { + BYT_RT5640_MONO_SPEAKER | + BYT_RT5640_MCLK_EN), + }, ++ { /* Estar Beauty HD MID 7316R */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Estar"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "eSTAR BEAUTY HD Intel Quad core"), ++ }, ++ .driver_data = (void *)(BYTCR_INPUT_DEFAULTS | ++ BYT_RT5640_MONO_SPEAKER | ++ BYT_RT5640_SSP0_AIF1 | ++ BYT_RT5640_MCLK_EN), ++ }, + { + .matches = { + DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"), +-- +2.30.1 + diff --git a/queue-4.19/asoc-intel-bytcr_rt5640-add-quirk-for-the-voyo-winpa.patch b/queue-4.19/asoc-intel-bytcr_rt5640-add-quirk-for-the-voyo-winpa.patch new file mode 100644 index 00000000000..b414c57adca --- /dev/null +++ b/queue-4.19/asoc-intel-bytcr_rt5640-add-quirk-for-the-voyo-winpa.patch @@ -0,0 +1,50 @@ +From 546de0319475ef402f3a4ee3120a8e4131d21d2f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 16 Feb 2021 22:35:53 +0100 +Subject: ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet + +From: Hans de Goede + +[ Upstream commit e1317cc9ca4ac20262895fddb065ffda4fc29cfb ] + +The Voyo Winpad A15 tablet uses a Bay Trail (non CR) SoC, so it is using +SSP2 (AIF1) and it mostly works with the defaults. But instead of using +DMIC1 it is using an analog mic on IN1, add a quirk for this. + +Signed-off-by: Hans de Goede +Acked-by: Pierre-Louis Bossart +Link: https://lore.kernel.org/r/20210216213555.36555-3-hdegoede@redhat.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/intel/boards/bytcr_rt5640.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c +index 4dd1941d4147..910214ab140e 100644 +--- a/sound/soc/intel/boards/bytcr_rt5640.c ++++ b/sound/soc/intel/boards/bytcr_rt5640.c +@@ -756,6 +756,20 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = { + BYT_RT5640_SSP0_AIF2 | + BYT_RT5640_MCLK_EN), + }, ++ { /* Voyo Winpad A15 */ ++ .matches = { ++ DMI_MATCH(DMI_BOARD_VENDOR, "AMI Corporation"), ++ DMI_MATCH(DMI_BOARD_NAME, "Aptio CRB"), ++ /* Above strings are too generic, also match on BIOS date */ ++ DMI_MATCH(DMI_BIOS_DATE, "11/20/2014"), ++ }, ++ .driver_data = (void *)(BYT_RT5640_IN1_MAP | ++ BYT_RT5640_JD_SRC_JD2_IN4N | ++ BYT_RT5640_OVCD_TH_2000UA | ++ BYT_RT5640_OVCD_SF_0P75 | ++ BYT_RT5640_DIFF_MIC | ++ BYT_RT5640_MCLK_EN), ++ }, + { /* Catch-all for generic Insyde tablets, must be last */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Insyde"), +-- +2.30.1 + diff --git a/queue-4.19/ath10k-fix-wmi-mgmt-tx-queue-full-due-to-race-condit.patch b/queue-4.19/ath10k-fix-wmi-mgmt-tx-queue-full-due-to-race-condit.patch new file mode 100644 index 00000000000..b6ba790847c --- /dev/null +++ b/queue-4.19/ath10k-fix-wmi-mgmt-tx-queue-full-due-to-race-condit.patch @@ -0,0 +1,93 @@ +From 3c1af2ca885ec48e42b786676ddc5ce9f4c4a135 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 22 Dec 2020 14:34:47 +0800 +Subject: ath10k: fix wmi mgmt tx queue full due to race condition +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Miaoqing Pan + +[ Upstream commit b55379e343a3472c35f4a1245906db5158cab453 ] + +Failed to transmit wmi management frames: + +[84977.840894] ath10k_snoc a000000.wifi: wmi mgmt tx queue is full +[84977.840913] ath10k_snoc a000000.wifi: failed to transmit packet, dropping: -28 +[84977.840924] ath10k_snoc a000000.wifi: failed to submit frame: -28 +[84977.840932] ath10k_snoc a000000.wifi: failed to transmit frame: -28 + +This issue is caused by race condition between skb_dequeue and +__skb_queue_tail. The queue of ‘wmi_mgmt_tx_queue’ is protected by a +different lock: ar->data_lock vs list->lock, the result is no protection. +So when ath10k_mgmt_over_wmi_tx_work() and ath10k_mac_tx_wmi_mgmt() +running concurrently on different CPUs, there appear to be a rare corner +cases when the queue length is 1, + + CPUx (skb_deuque) CPUy (__skb_queue_tail) + next=list + prev=list + struct sk_buff *skb = skb_peek(list); WRITE_ONCE(newsk->next, next); + WRITE_ONCE(list->qlen, list->qlen - 1);WRITE_ONCE(newsk->prev, prev); + next = skb->next; WRITE_ONCE(next->prev, newsk); + prev = skb->prev; WRITE_ONCE(prev->next, newsk); + skb->next = skb->prev = NULL; list->qlen++; + WRITE_ONCE(next->prev, prev); + WRITE_ONCE(prev->next, next); + +If the instruction ‘next = skb->next’ is executed before +‘WRITE_ONCE(prev->next, newsk)’, newsk will be lost, as CPUx get the +old ‘next’ pointer, but the length is still added by one. The final +result is the length of the queue will reach the maximum value but +the queue is empty. + +So remove ar->data_lock, and use 'skb_queue_tail' instead of +'__skb_queue_tail' to prevent the potential race condition. Also switch +to use skb_queue_len_lockless, in case we queue a few SKBs simultaneously. + +Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.3.1.c2-00033-QCAHLSWMTPLZ-1 + +Signed-off-by: Miaoqing Pan +Reviewed-by: Brian Norris +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/1608618887-8857-1-git-send-email-miaoqing@codeaurora.org +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/ath/ath10k/mac.c | 15 ++++----------- + 1 file changed, 4 insertions(+), 11 deletions(-) + +diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c +index faaca7fe9ad1..f32d35e03708 100644 +--- a/drivers/net/wireless/ath/ath10k/mac.c ++++ b/drivers/net/wireless/ath/ath10k/mac.c +@@ -3567,23 +3567,16 @@ bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar) + static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb) + { + struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue; +- int ret = 0; +- +- spin_lock_bh(&ar->data_lock); + +- if (skb_queue_len(q) == ATH10K_MAX_NUM_MGMT_PENDING) { ++ if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) { + ath10k_warn(ar, "wmi mgmt tx queue is full\n"); +- ret = -ENOSPC; +- goto unlock; ++ return -ENOSPC; + } + +- __skb_queue_tail(q, skb); ++ skb_queue_tail(q, skb); + ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work); + +-unlock: +- spin_unlock_bh(&ar->data_lock); +- +- return ret; ++ return 0; + } + + static enum ath10k_mac_tx_path +-- +2.30.1 + diff --git a/queue-4.19/bluetooth-fix-null-pointer-dereference-in-amp_read_l.patch b/queue-4.19/bluetooth-fix-null-pointer-dereference-in-amp_read_l.patch new file mode 100644 index 00000000000..ce829b51075 --- /dev/null +++ b/queue-4.19/bluetooth-fix-null-pointer-dereference-in-amp_read_l.patch @@ -0,0 +1,57 @@ +From 1d6b0e167996b13e4c009d681c2e3229f1d283df Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 Feb 2021 15:12:30 +0530 +Subject: Bluetooth: Fix null pointer dereference in + amp_read_loc_assoc_final_data + +From: Gopal Tiwari + +[ Upstream commit e8bd76ede155fd54d8c41d045dda43cd3174d506 ] + +kernel panic trace looks like: + + #5 [ffffb9e08698fc80] do_page_fault at ffffffffb666e0d7 + #6 [ffffb9e08698fcb0] page_fault at ffffffffb70010fe + [exception RIP: amp_read_loc_assoc_final_data+63] + RIP: ffffffffc06ab54f RSP: ffffb9e08698fd68 RFLAGS: 00010246 + RAX: 0000000000000000 RBX: ffff8c8845a5a000 RCX: 0000000000000004 + RDX: 0000000000000000 RSI: ffff8c8b9153d000 RDI: ffff8c8845a5a000 + RBP: ffffb9e08698fe40 R8: 00000000000330e0 R9: ffffffffc0675c94 + R10: ffffb9e08698fe58 R11: 0000000000000001 R12: ffff8c8b9cbf6200 + R13: 0000000000000000 R14: 0000000000000000 R15: ffff8c8b2026da0b + ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 + #7 [ffffb9e08698fda8] hci_event_packet at ffffffffc0676904 [bluetooth] + #8 [ffffb9e08698fe50] hci_rx_work at ffffffffc06629ac [bluetooth] + #9 [ffffb9e08698fe98] process_one_work at ffffffffb66f95e7 + +hcon->amp_mgr seems NULL triggered kernel panic in following line inside +function amp_read_loc_assoc_final_data + + set_bit(READ_LOC_AMP_ASSOC_FINAL, &mgr->state); + +Fixed by checking NULL for mgr. + +Signed-off-by: Gopal Tiwari +Signed-off-by: Marcel Holtmann +Signed-off-by: Sasha Levin +--- + net/bluetooth/amp.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/bluetooth/amp.c b/net/bluetooth/amp.c +index 78bec8df8525..72ef967c5663 100644 +--- a/net/bluetooth/amp.c ++++ b/net/bluetooth/amp.c +@@ -305,6 +305,9 @@ void amp_read_loc_assoc_final_data(struct hci_dev *hdev, + struct hci_request req; + int err; + ++ if (!mgr) ++ return; ++ + cp.phy_handle = hcon->handle; + cp.len_so_far = cpu_to_le16(0); + cp.max_len = cpu_to_le16(hdev->amp_assoc_size); +-- +2.30.1 + diff --git a/queue-4.19/bluetooth-hci_h5-set-hci_quirk_simultaneous_discover.patch b/queue-4.19/bluetooth-hci_h5-set-hci_quirk_simultaneous_discover.patch new file mode 100644 index 00000000000..29cdebde0f0 --- /dev/null +++ b/queue-4.19/bluetooth-hci_h5-set-hci_quirk_simultaneous_discover.patch @@ -0,0 +1,38 @@ +From acb97964c765cefc6daf4630954a182ddcc1c580 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 19 Jan 2021 19:47:00 +0800 +Subject: Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl + +From: Claire Chang + +[ Upstream commit 7f9f2c3f7d99b8ae773459c74ac5e99a0dd46db9 ] + +Realtek Bluetooth controllers can do both LE scan and BR/EDR inquiry +at once, need to set HCI_QUIRK_SIMULTANEOUS_DISCOVERY quirk. + +Signed-off-by: Claire Chang +Signed-off-by: Marcel Holtmann +Signed-off-by: Sasha Levin +--- + drivers/bluetooth/hci_h5.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c +index 7ffeb37e8f20..79b96251de80 100644 +--- a/drivers/bluetooth/hci_h5.c ++++ b/drivers/bluetooth/hci_h5.c +@@ -885,6 +885,11 @@ static int h5_btrtl_setup(struct h5 *h5) + /* Give the device some time before the hci-core sends it a reset */ + usleep_range(10000, 20000); + ++ /* Enable controller to do both LE scan and BR/EDR inquiry ++ * simultaneously. ++ */ ++ set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &h5->hu->hdev->quirks); ++ + out_free: + btrtl_free(btrtl_dev); + +-- +2.30.1 + diff --git a/queue-4.19/btrfs-fix-error-handling-in-commit_fs_roots.patch b/queue-4.19/btrfs-fix-error-handling-in-commit_fs_roots.patch new file mode 100644 index 00000000000..be925abb929 --- /dev/null +++ b/queue-4.19/btrfs-fix-error-handling-in-commit_fs_roots.patch @@ -0,0 +1,79 @@ +From 12776ed85be21db3b2dd737425f097eda83af0a9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Dec 2020 09:53:23 -0500 +Subject: btrfs: fix error handling in commit_fs_roots + +From: Josef Bacik + +[ Upstream commit 4f4317c13a40194940acf4a71670179c4faca2b5 ] + +While doing error injection I would sometimes get a corrupt file system. +This is because I was injecting errors at btrfs_search_slot, but would +only do it one time per stack. This uncovered a problem in +commit_fs_roots, where if we get an error we would just break. However +we're in a nested loop, the first loop being a loop to find all the +dirty fs roots, and then subsequent root updates would succeed clearing +the error value. + +This isn't likely to happen in real scenarios, however we could +potentially get a random ENOMEM once and then not again, and we'd end up +with a corrupted file system. Fix this by moving the error checking +around a bit to the main loop, as this is the only place where something +will fail, and return the error as soon as it occurs. + +With this patch my reproducer no longer corrupts the file system. + +Signed-off-by: Josef Bacik +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/transaction.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c +index 8829d89eb4af..1b52c960682d 100644 +--- a/fs/btrfs/transaction.c ++++ b/fs/btrfs/transaction.c +@@ -1249,7 +1249,6 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans) + struct btrfs_root *gang[8]; + int i; + int ret; +- int err = 0; + + spin_lock(&fs_info->fs_roots_radix_lock); + while (1) { +@@ -1261,6 +1260,8 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans) + break; + for (i = 0; i < ret; i++) { + struct btrfs_root *root = gang[i]; ++ int ret2; ++ + radix_tree_tag_clear(&fs_info->fs_roots_radix, + (unsigned long)root->root_key.objectid, + BTRFS_ROOT_TRANS_TAG); +@@ -1282,17 +1283,17 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans) + root->node); + } + +- err = btrfs_update_root(trans, fs_info->tree_root, ++ ret2 = btrfs_update_root(trans, fs_info->tree_root, + &root->root_key, + &root->root_item); ++ if (ret2) ++ return ret2; + spin_lock(&fs_info->fs_roots_radix_lock); +- if (err) +- break; + btrfs_qgroup_free_meta_all_pertrans(root); + } + } + spin_unlock(&fs_info->fs_roots_radix_lock); +- return err; ++ return 0; + } + + /* +-- +2.30.1 + diff --git a/queue-4.19/crypto-tcrypt-avoid-signed-overflow-in-byte-count.patch b/queue-4.19/crypto-tcrypt-avoid-signed-overflow-in-byte-count.patch new file mode 100644 index 00000000000..acb1f6d8b8b --- /dev/null +++ b/queue-4.19/crypto-tcrypt-avoid-signed-overflow-in-byte-count.patch @@ -0,0 +1,86 @@ +From 601143ca0763709a34510ee6ff59a948681d36ce Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Dec 2020 15:34:41 +0100 +Subject: crypto: tcrypt - avoid signed overflow in byte count + +From: Ard Biesheuvel + +[ Upstream commit 303fd3e1c771077e32e96e5788817f025f0067e2 ] + +The signed long type used for printing the number of bytes processed in +tcrypt benchmarks limits the range to -/+ 2 GiB, which is not sufficient +to cover the performance of common accelerated ciphers such as AES-NI +when benchmarked with sec=1. So switch to u64 instead. + +While at it, fix up a missing printk->pr_cont conversion in the AEAD +benchmark. + +Signed-off-by: Ard Biesheuvel +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +--- + crypto/tcrypt.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c +index d332988eb8de..bf797c613ba2 100644 +--- a/crypto/tcrypt.c ++++ b/crypto/tcrypt.c +@@ -202,8 +202,8 @@ static int test_mb_aead_jiffies(struct test_mb_aead_data *data, int enc, + goto out; + } + +- pr_cont("%d operations in %d seconds (%ld bytes)\n", +- bcount * num_mb, secs, (long)bcount * blen * num_mb); ++ pr_cont("%d operations in %d seconds (%llu bytes)\n", ++ bcount * num_mb, secs, (u64)bcount * blen * num_mb); + + out: + kfree(rc); +@@ -472,8 +472,8 @@ static int test_aead_jiffies(struct aead_request *req, int enc, + return ret; + } + +- printk("%d operations in %d seconds (%ld bytes)\n", +- bcount, secs, (long)bcount * blen); ++ pr_cont("%d operations in %d seconds (%llu bytes)\n", ++ bcount, secs, (u64)bcount * blen); + return 0; + } + +@@ -763,8 +763,8 @@ static int test_mb_ahash_jiffies(struct test_mb_ahash_data *data, int blen, + goto out; + } + +- pr_cont("%d operations in %d seconds (%ld bytes)\n", +- bcount * num_mb, secs, (long)bcount * blen * num_mb); ++ pr_cont("%d operations in %d seconds (%llu bytes)\n", ++ bcount * num_mb, secs, (u64)bcount * blen * num_mb); + + out: + kfree(rc); +@@ -1200,8 +1200,8 @@ static int test_mb_acipher_jiffies(struct test_mb_skcipher_data *data, int enc, + goto out; + } + +- pr_cont("%d operations in %d seconds (%ld bytes)\n", +- bcount * num_mb, secs, (long)bcount * blen * num_mb); ++ pr_cont("%d operations in %d seconds (%llu bytes)\n", ++ bcount * num_mb, secs, (u64)bcount * blen * num_mb); + + out: + kfree(rc); +@@ -1438,8 +1438,8 @@ static int test_acipher_jiffies(struct skcipher_request *req, int enc, + return ret; + } + +- pr_cont("%d operations in %d seconds (%ld bytes)\n", +- bcount, secs, (long)bcount * blen); ++ pr_cont("%d operations in %d seconds (%llu bytes)\n", ++ bcount, secs, (u64)bcount * blen); + return 0; + } + +-- +2.30.1 + diff --git a/queue-4.19/drm-amd-display-guard-against-null-pointer-deref-whe.patch b/queue-4.19/drm-amd-display-guard-against-null-pointer-deref-whe.patch new file mode 100644 index 00000000000..d6573da60ad --- /dev/null +++ b/queue-4.19/drm-amd-display-guard-against-null-pointer-deref-whe.patch @@ -0,0 +1,47 @@ +From e0ddc22b561dcf20c0a78e3a1c4a67d0d47c29ec Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 18 Dec 2020 12:14:00 -0500 +Subject: drm/amd/display: Guard against NULL pointer deref when get_i2c_info + fails + +From: Nicholas Kazlauskas + +[ Upstream commit 44a09e3d95bd2b7b0c224100f78f335859c4e193 ] + +[Why] +If the BIOS table is invalid or corrupt then get_i2c_info can fail +and we dereference a NULL pointer. + +[How] +Check that ddc_pin is not NULL before using it and log an error if it +is because this is unexpected. + +Tested-by: Daniel Wheeler +Signed-off-by: Nicholas Kazlauskas +Reviewed-by: Eric Yang +Acked-by: Anson Jacob +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/display/dc/core/dc_link.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link.c b/drivers/gpu/drm/amd/display/dc/core/dc_link.c +index fa0e6c8e2447..e3bedf4cc9c0 100644 +--- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c ++++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c +@@ -1124,6 +1124,11 @@ static bool construct( + goto ddc_create_fail; + } + ++ if (!link->ddc->ddc_pin) { ++ DC_ERROR("Failed to get I2C info for connector!\n"); ++ goto ddc_create_fail; ++ } ++ + link->ddc_hw_inst = + dal_ddc_get_line( + dal_ddc_service_get_ddc_pin(link->ddc)); +-- +2.30.1 + diff --git a/queue-4.19/f2fs-fix-to-set-clear-i_linkable-under-i_lock.patch b/queue-4.19/f2fs-fix-to-set-clear-i_linkable-under-i_lock.patch new file mode 100644 index 00000000000..fce31fdb103 --- /dev/null +++ b/queue-4.19/f2fs-fix-to-set-clear-i_linkable-under-i_lock.patch @@ -0,0 +1,88 @@ +From 1700a106dca16123c3b72f7c64c48ff5d391502a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 12 Jan 2021 09:55:09 +0800 +Subject: f2fs: fix to set/clear I_LINKABLE under i_lock + +From: Chao Yu + +[ Upstream commit 46085f37fc9e12d5c3539fb768b5ad7951e72acf ] + +fsstress + fault injection test case reports a warning message as +below: + +WARNING: CPU: 13 PID: 6226 at fs/inode.c:361 inc_nlink+0x32/0x40 +Call Trace: + f2fs_init_inode_metadata+0x25c/0x4a0 [f2fs] + f2fs_add_inline_entry+0x153/0x3b0 [f2fs] + f2fs_add_dentry+0x75/0x80 [f2fs] + f2fs_do_add_link+0x108/0x160 [f2fs] + f2fs_rename2+0x6ab/0x14f0 [f2fs] + vfs_rename+0x70c/0x940 + do_renameat2+0x4d8/0x4f0 + __x64_sys_renameat2+0x4b/0x60 + do_syscall_64+0x33/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +Following race case can cause this: +Thread A Kworker +- f2fs_rename + - f2fs_create_whiteout + - __f2fs_tmpfile + - f2fs_i_links_write + - f2fs_mark_inode_dirty_sync + - mark_inode_dirty_sync + - writeback_single_inode + - __writeback_single_inode + - spin_lock(&inode->i_lock) + - inode->i_state |= I_LINKABLE + - inode->i_state &= ~dirty + - spin_unlock(&inode->i_lock) + - f2fs_add_link + - f2fs_do_add_link + - f2fs_add_dentry + - f2fs_add_inline_entry + - f2fs_init_inode_metadata + - f2fs_i_links_write + - inc_nlink + - WARN_ON(!(inode->i_state & I_LINKABLE)) + +Fix to add i_lock to avoid i_state update race condition. + +Signed-off-by: Chao Yu +Signed-off-by: Jaegeuk Kim +Signed-off-by: Sasha Levin +--- + fs/f2fs/namei.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c +index 8617e742d087..e20a0f9e6845 100644 +--- a/fs/f2fs/namei.c ++++ b/fs/f2fs/namei.c +@@ -772,7 +772,11 @@ static int __f2fs_tmpfile(struct inode *dir, struct dentry *dentry, + + if (whiteout) { + f2fs_i_links_write(inode, false); ++ ++ spin_lock(&inode->i_lock); + inode->i_state |= I_LINKABLE; ++ spin_unlock(&inode->i_lock); ++ + *whiteout = inode; + } else { + d_tmpfile(dentry, inode); +@@ -966,7 +970,11 @@ static int f2fs_rename(struct inode *old_dir, struct dentry *old_dentry, + err = f2fs_add_link(old_dentry, whiteout); + if (err) + goto put_out_dir; ++ ++ spin_lock(&whiteout->i_lock); + whiteout->i_state &= ~I_LINKABLE; ++ spin_unlock(&whiteout->i_lock); ++ + iput(whiteout); + } + +-- +2.30.1 + diff --git a/queue-4.19/f2fs-handle-unallocated-section-and-zone-on-pinned-a.patch b/queue-4.19/f2fs-handle-unallocated-section-and-zone-on-pinned-a.patch new file mode 100644 index 00000000000..f33bbae8048 --- /dev/null +++ b/queue-4.19/f2fs-handle-unallocated-section-and-zone-on-pinned-a.patch @@ -0,0 +1,44 @@ +From bc973c4a1d50b8a9f924c58a6a523ec6cfb8fe75 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 23 Dec 2020 11:44:25 -0800 +Subject: f2fs: handle unallocated section and zone on pinned/atgc + +From: Jaegeuk Kim + +[ Upstream commit 632faca72938f9f63049e48a8c438913828ac7a9 ] + +If we have large section/zone, unallocated segment makes them corrupted. + +E.g., + + - Pinned file: -1 119304647 119304647 + - ATGC data: -1 119304647 119304647 + +Reviewed-by: Chao Yu +Signed-off-by: Jaegeuk Kim +Signed-off-by: Sasha Levin +--- + fs/f2fs/segment.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h +index 9c2a55ad61bc..1f5db4cbc499 100644 +--- a/fs/f2fs/segment.h ++++ b/fs/f2fs/segment.h +@@ -91,11 +91,11 @@ + #define BLKS_PER_SEC(sbi) \ + ((sbi)->segs_per_sec * (sbi)->blocks_per_seg) + #define GET_SEC_FROM_SEG(sbi, segno) \ +- ((segno) / (sbi)->segs_per_sec) ++ (((segno) == -1) ? -1: (segno) / (sbi)->segs_per_sec) + #define GET_SEG_FROM_SEC(sbi, secno) \ + ((secno) * (sbi)->segs_per_sec) + #define GET_ZONE_FROM_SEC(sbi, secno) \ +- ((secno) / (sbi)->secs_per_zone) ++ (((secno) == -1) ? -1: (secno) / (sbi)->secs_per_zone) + #define GET_ZONE_FROM_SEG(sbi, segno) \ + GET_ZONE_FROM_SEC(sbi, GET_SEC_FROM_SEG(sbi, segno)) + +-- +2.30.1 + diff --git a/queue-4.19/media-uvcvideo-allow-entities-with-no-pads.patch b/queue-4.19/media-uvcvideo-allow-entities-with-no-pads.patch new file mode 100644 index 00000000000..e381b356623 --- /dev/null +++ b/queue-4.19/media-uvcvideo-allow-entities-with-no-pads.patch @@ -0,0 +1,48 @@ +From 6b56d8f4a3d6fdb27546fa927075ebafb98c6fe0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 23 Dec 2020 14:35:19 +0100 +Subject: media: uvcvideo: Allow entities with no pads + +From: Ricardo Ribalda + +[ Upstream commit 7532dad6634031d083df7af606fac655b8d08b5c ] + +Avoid an underflow while calculating the number of inputs for entities +with zero pads. + +Signed-off-by: Ricardo Ribalda +Signed-off-by: Laurent Pinchart +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/usb/uvc/uvc_driver.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c +index 38c73cdbef70..998ce712978a 100644 +--- a/drivers/media/usb/uvc/uvc_driver.c ++++ b/drivers/media/usb/uvc/uvc_driver.c +@@ -940,7 +940,10 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u8 id, + unsigned int i; + + extra_size = roundup(extra_size, sizeof(*entity->pads)); +- num_inputs = (type & UVC_TERM_OUTPUT) ? num_pads : num_pads - 1; ++ if (num_pads) ++ num_inputs = type & UVC_TERM_OUTPUT ? num_pads : num_pads - 1; ++ else ++ num_inputs = 0; + size = sizeof(*entity) + extra_size + sizeof(*entity->pads) * num_pads + + num_inputs; + entity = kzalloc(size, GFP_KERNEL); +@@ -956,7 +959,7 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u8 id, + + for (i = 0; i < num_inputs; ++i) + entity->pads[i].flags = MEDIA_PAD_FL_SINK; +- if (!UVC_ENTITY_IS_OTERM(entity)) ++ if (!UVC_ENTITY_IS_OTERM(entity) && num_pads) + entity->pads[num_pads-1].flags = MEDIA_PAD_FL_SOURCE; + + entity->bNrInPins = num_inputs; +-- +2.30.1 + diff --git a/queue-4.19/parisc-bump-64-bit-irq-stack-size-to-64-kb.patch b/queue-4.19/parisc-bump-64-bit-irq-stack-size-to-64-kb.patch new file mode 100644 index 00000000000..97390993809 --- /dev/null +++ b/queue-4.19/parisc-bump-64-bit-irq-stack-size-to-64-kb.patch @@ -0,0 +1,41 @@ +From a6d618b7b9e58885a018feefc09d65c288cbdc5b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Jan 2021 18:12:30 -0500 +Subject: parisc: Bump 64-bit IRQ stack size to 64 KB + +From: John David Anglin + +[ Upstream commit 31680c1d1595a59e17c14ec036b192a95f8e5f4a ] + +Bump 64-bit IRQ stack size to 64 KB. + +I had a kernel IRQ stack overflow on the mx3210 debian buildd machine. This patch increases the +64-bit IRQ stack size to 64 KB. The 64-bit stack size needs to be larger than the 32-bit stack +size since registers are twice as big. + +Signed-off-by: John David Anglin +Signed-off-by: Helge Deller +Signed-off-by: Sasha Levin +--- + arch/parisc/kernel/irq.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/parisc/kernel/irq.c b/arch/parisc/kernel/irq.c +index 0ca254085a66..c152c30c2d06 100644 +--- a/arch/parisc/kernel/irq.c ++++ b/arch/parisc/kernel/irq.c +@@ -380,7 +380,11 @@ static inline int eirr_to_irq(unsigned long eirr) + /* + * IRQ STACK - used for irq handler + */ ++#ifdef CONFIG_64BIT ++#define IRQ_STACK_SIZE (4096 << 4) /* 64k irq stack size */ ++#else + #define IRQ_STACK_SIZE (4096 << 3) /* 32k irq stack size */ ++#endif + + union irq_stack_union { + unsigned long stack[IRQ_STACK_SIZE/sizeof(unsigned long)]; +-- +2.30.1 + diff --git a/queue-4.19/pci-add-a-rebar-size-quirk-for-sapphire-rx-5600-xt-p.patch b/queue-4.19/pci-add-a-rebar-size-quirk-for-sapphire-rx-5600-xt-p.patch new file mode 100644 index 00000000000..d604d7db4b0 --- /dev/null +++ b/queue-4.19/pci-add-a-rebar-size-quirk-for-sapphire-rx-5600-xt-p.patch @@ -0,0 +1,48 @@ +From 594d7023c54b331d6147282a994efb9eca1efdd6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 7 Jan 2021 12:26:55 +0100 +Subject: PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Nirmoy Das + +[ Upstream commit 907830b0fc9e374d00f3c83de5e426157b482c01 ] + +RX 5600 XT Pulse advertises support for BAR 0 being 256MB, 512MB, +or 1GB, but it also supports 2GB, 4GB, and 8GB. Add a rebar +size quirk so that the BAR 0 is big enough to cover complete VARM. + +Signed-off-by: Christian König +Signed-off-by: Nirmoy Das +Acked-by: Bjorn Helgaas +Link: https://patchwork.kernel.org/project/dri-devel/patch/20210107175017.15893-5-nirmoy.das@amd.com +Signed-off-by: Sasha Levin +--- + drivers/pci/pci.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c +index cd628dd73719..83fda1987d1f 100644 +--- a/drivers/pci/pci.c ++++ b/drivers/pci/pci.c +@@ -3361,7 +3361,14 @@ u32 pci_rebar_get_possible_sizes(struct pci_dev *pdev, int bar) + return 0; + + pci_read_config_dword(pdev, pos + PCI_REBAR_CAP, &cap); +- return (cap & PCI_REBAR_CAP_SIZES) >> 4; ++ cap &= PCI_REBAR_CAP_SIZES; ++ ++ /* Sapphire RX 5600 XT Pulse has an invalid cap dword for BAR 0 */ ++ if (pdev->vendor == PCI_VENDOR_ID_ATI && pdev->device == 0x731f && ++ bar == 0 && cap == 0x7000) ++ cap = 0x3f000; ++ ++ return cap >> 4; + } + + /** +-- +2.30.1 + diff --git a/queue-4.19/pktgen-fix-misuse-of-bug_on-in-pktgen_thread_worker.patch b/queue-4.19/pktgen-fix-misuse-of-bug_on-in-pktgen_thread_worker.patch new file mode 100644 index 00000000000..b281825b1b7 --- /dev/null +++ b/queue-4.19/pktgen-fix-misuse-of-bug_on-in-pktgen_thread_worker.patch @@ -0,0 +1,43 @@ +From 47d6a4e39126a677492d62712c86941c98e8eb38 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 25 Jan 2021 20:42:29 +0800 +Subject: pktgen: fix misuse of BUG_ON() in pktgen_thread_worker() + +From: Di Zhu + +[ Upstream commit 275b1e88cabb34dbcbe99756b67e9939d34a99b6 ] + +pktgen create threads for all online cpus and bond these threads to +relevant cpu repecivtily. when this thread firstly be woken up, it +will compare cpu currently running with the cpu specified at the time +of creation and if the two cpus are not equal, BUG_ON() will take effect +causing panic on the system. +Notice that these threads could be migrated to other cpus before start +running because of the cpu hotplug after these threads have created. so the +BUG_ON() used here seems unreasonable and we can replace it with WARN_ON() +to just printf a warning other than panic the system. + +Signed-off-by: Di Zhu +Link: https://lore.kernel.org/r/20210125124229.19334-1-zhudi21@huawei.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/core/pktgen.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/core/pktgen.c b/net/core/pktgen.c +index 092fa3d75b32..3714cd9e3111 100644 +--- a/net/core/pktgen.c ++++ b/net/core/pktgen.c +@@ -3471,7 +3471,7 @@ static int pktgen_thread_worker(void *arg) + struct pktgen_dev *pkt_dev = NULL; + int cpu = t->cpu; + +- BUG_ON(smp_processor_id() != cpu); ++ WARN_ON(smp_processor_id() != cpu); + + init_waitqueue_head(&t->queue); + complete(&t->start_done); +-- +2.30.1 + diff --git a/queue-4.19/series b/queue-4.19/series index 7d7ecec7b71..77f9b1dc2f0 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -18,3 +18,24 @@ net-bridge-use-switchdev-for-port-flags-set-through-sysfs-too.patch dt-bindings-net-btusb-dt-fix-s-interrupt-name-interrupt-names.patch rsi-fix-tx-eapol-packet-handling-against-iwlwifi-ap.patch rsi-move-card-interrupt-handling-to-rx-thread.patch +staging-fwserial-fix-error-handling-in-fwserial_crea.patch +x86-reboot-add-zotac-zbox-ci327-nano-pci-reboot-quir.patch +vt-consolemap-do-font-sum-unsigned.patch +wlcore-fix-command-execute-failure-19-for-wl12xx.patch +bluetooth-hci_h5-set-hci_quirk_simultaneous_discover.patch +pktgen-fix-misuse-of-bug_on-in-pktgen_thread_worker.patch +ath10k-fix-wmi-mgmt-tx-queue-full-due-to-race-condit.patch +x86-build-treat-r_386_plt32-relocation-as-r_386_pc32.patch +bluetooth-fix-null-pointer-dereference-in-amp_read_l.patch +staging-most-sound-add-sanity-check-for-function-arg.patch +crypto-tcrypt-avoid-signed-overflow-in-byte-count.patch +pci-add-a-rebar-size-quirk-for-sapphire-rx-5600-xt-p.patch +drm-amd-display-guard-against-null-pointer-deref-whe.patch +media-uvcvideo-allow-entities-with-no-pads.patch +f2fs-handle-unallocated-section-and-zone-on-pinned-a.patch +f2fs-fix-to-set-clear-i_linkable-under-i_lock.patch +btrfs-fix-error-handling-in-commit_fs_roots.patch +parisc-bump-64-bit-irq-stack-size-to-64-kb.patch +asoc-intel-bytcr_rt5640-add-quirk-for-the-estar-beau.patch +asoc-intel-bytcr_rt5640-add-quirk-for-the-voyo-winpa.patch +asoc-intel-bytcr_rt5640-add-quirk-for-the-acer-one-s.patch diff --git a/queue-4.19/staging-fwserial-fix-error-handling-in-fwserial_crea.patch b/queue-4.19/staging-fwserial-fix-error-handling-in-fwserial_crea.patch new file mode 100644 index 00000000000..b6e4a3f3702 --- /dev/null +++ b/queue-4.19/staging-fwserial-fix-error-handling-in-fwserial_crea.patch @@ -0,0 +1,45 @@ +From 4b139f4656eb2fc24edeee7477676f249a3ccc3d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 21 Dec 2020 20:24:35 +0800 +Subject: staging: fwserial: Fix error handling in fwserial_create + +From: Dinghao Liu + +[ Upstream commit f31559af97a0eabd467e4719253675b7dccb8a46 ] + +When fw_core_add_address_handler() fails, we need to destroy +the port by tty_port_destroy(). Also we need to unregister +the address handler by fw_core_remove_address_handler() on +failure. + +Signed-off-by: Dinghao Liu +Link: https://lore.kernel.org/r/20201221122437.10274-1-dinghao.liu@zju.edu.cn +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/fwserial/fwserial.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/staging/fwserial/fwserial.c b/drivers/staging/fwserial/fwserial.c +index fa0dd425b454..cd062628a46b 100644 +--- a/drivers/staging/fwserial/fwserial.c ++++ b/drivers/staging/fwserial/fwserial.c +@@ -2219,6 +2219,7 @@ static int fwserial_create(struct fw_unit *unit) + err = fw_core_add_address_handler(&port->rx_handler, + &fw_high_memory_region); + if (err) { ++ tty_port_destroy(&port->port); + kfree(port); + goto free_ports; + } +@@ -2301,6 +2302,7 @@ unregister_ttys: + + free_ports: + for (--i; i >= 0; --i) { ++ fw_core_remove_address_handler(&serial->ports[i]->rx_handler); + tty_port_destroy(&serial->ports[i]->port); + kfree(serial->ports[i]); + } +-- +2.30.1 + diff --git a/queue-4.19/staging-most-sound-add-sanity-check-for-function-arg.patch b/queue-4.19/staging-most-sound-add-sanity-check-for-function-arg.patch new file mode 100644 index 00000000000..c19ddcc5f75 --- /dev/null +++ b/queue-4.19/staging-most-sound-add-sanity-check-for-function-arg.patch @@ -0,0 +1,37 @@ +From 5bb8429ce625903418d9c14889acc3e8d02f0236 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 Feb 2021 17:21:05 +0100 +Subject: staging: most: sound: add sanity check for function argument + +From: Christian Gromm + +[ Upstream commit 45b754ae5b82949dca2b6e74fa680313cefdc813 ] + +This patch checks the function parameter 'bytes' before doing the +subtraction to prevent memory corruption. + +Signed-off-by: Christian Gromm +Reported-by: Dan Carpenter +Link: https://lore.kernel.org/r/1612282865-21846-1-git-send-email-christian.gromm@microchip.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/most/sound/sound.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/staging/most/sound/sound.c b/drivers/staging/most/sound/sound.c +index 89b02fc305b8..fd9245d7eeb9 100644 +--- a/drivers/staging/most/sound/sound.c ++++ b/drivers/staging/most/sound/sound.c +@@ -86,6 +86,8 @@ static void swap_copy24(u8 *dest, const u8 *source, unsigned int bytes) + { + unsigned int i = 0; + ++ if (bytes < 2) ++ return; + while (i < bytes - 2) { + dest[i] = source[i + 2]; + dest[i + 1] = source[i + 1]; +-- +2.30.1 + diff --git a/queue-4.19/vt-consolemap-do-font-sum-unsigned.patch b/queue-4.19/vt-consolemap-do-font-sum-unsigned.patch new file mode 100644 index 00000000000..45c06c4c2cb --- /dev/null +++ b/queue-4.19/vt-consolemap-do-font-sum-unsigned.patch @@ -0,0 +1,38 @@ +From a75a5e2ec0e61297e741202a457b78b202201259 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Jan 2021 13:02:34 +0100 +Subject: vt/consolemap: do font sum unsigned + +From: Jiri Slaby + +[ Upstream commit 9777f8e60e718f7b022a94f2524f967d8def1931 ] + +The constant 20 makes the font sum computation signed which can lead to +sign extensions and signed wraps. It's not much of a problem as we build +with -fno-strict-overflow. But if we ever decide not to, be ready, so +switch the constant to unsigned. + +Signed-off-by: Jiri Slaby +Link: https://lore.kernel.org/r/20210105120239.28031-7-jslaby@suse.cz +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/vt/consolemap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c +index 7c7ada0b3ea0..90c6e10b1ef9 100644 +--- a/drivers/tty/vt/consolemap.c ++++ b/drivers/tty/vt/consolemap.c +@@ -495,7 +495,7 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode, u_short fontpos) + + p2[unicode & 0x3f] = fontpos; + +- p->sum += (fontpos << 20) + unicode; ++ p->sum += (fontpos << 20U) + unicode; + + return 0; + } +-- +2.30.1 + diff --git a/queue-4.19/wlcore-fix-command-execute-failure-19-for-wl12xx.patch b/queue-4.19/wlcore-fix-command-execute-failure-19-for-wl12xx.patch new file mode 100644 index 00000000000..f97873f040b --- /dev/null +++ b/queue-4.19/wlcore-fix-command-execute-failure-19-for-wl12xx.patch @@ -0,0 +1,127 @@ +From fa7ae4253d3d3d7a5a08c66e892aae6df08bd129 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Jan 2021 08:56:13 +0200 +Subject: wlcore: Fix command execute failure 19 for wl12xx + +From: Tony Lindgren + +[ Upstream commit cb88d01b67383a095e3f7caeb4cdade5a6cf0417 ] + +We can currently get a "command execute failure 19" error on beacon loss +if the signal is weak: + +wlcore: Beacon loss detected. roles:0xff +wlcore: Connection loss work (role_id: 0). +... +wlcore: ERROR command execute failure 19 +... +WARNING: CPU: 0 PID: 1552 at drivers/net/wireless/ti/wlcore/main.c:803 +... +(wl12xx_queue_recovery_work.part.0 [wlcore]) +(wl12xx_cmd_role_start_sta [wlcore]) +(wl1271_op_bss_info_changed [wlcore]) +(ieee80211_prep_connection [mac80211]) + +Error 19 is defined as CMD_STATUS_WRONG_NESTING from the wlcore firmware, +and seems to mean that the firmware no longer wants to see the quirk +handling for WLCORE_QUIRK_START_STA_FAILS done. + +This quirk got added with commit 18eab430700d ("wlcore: workaround +start_sta problem in wl12xx fw"), and it seems that this already got fixed +in the firmware long time ago back in 2012 as wl18xx never had this quirk +in place to start with. + +As we no longer even support firmware that early, to me it seems that it's +safe to just drop WLCORE_QUIRK_START_STA_FAILS to fix the error. Looks +like earlier firmware got disabled back in 2013 with commit 0e284c074ef9 +("wl12xx: increase minimum singlerole firmware version required"). + +If it turns out we still need WLCORE_QUIRK_START_STA_FAILS with any +firmware that the driver works with, we can simply revert this patch and +add extra checks for firmware version used. + +With this fix wlcore reconnects properly after a beacon loss. + +Cc: Raz Bouganim +Signed-off-by: Tony Lindgren +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20210115065613.7731-1-tony@atomide.com +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/ti/wl12xx/main.c | 3 --- + drivers/net/wireless/ti/wlcore/main.c | 15 +-------------- + drivers/net/wireless/ti/wlcore/wlcore.h | 3 --- + 3 files changed, 1 insertion(+), 20 deletions(-) + +diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c +index 4a4f797bb10f..e10fff42751e 100644 +--- a/drivers/net/wireless/ti/wl12xx/main.c ++++ b/drivers/net/wireless/ti/wl12xx/main.c +@@ -649,7 +649,6 @@ static int wl12xx_identify_chip(struct wl1271 *wl) + wl->quirks |= WLCORE_QUIRK_LEGACY_NVS | + WLCORE_QUIRK_DUAL_PROBE_TMPL | + WLCORE_QUIRK_TKIP_HEADER_SPACE | +- WLCORE_QUIRK_START_STA_FAILS | + WLCORE_QUIRK_AP_ZERO_SESSION_ID; + wl->sr_fw_name = WL127X_FW_NAME_SINGLE; + wl->mr_fw_name = WL127X_FW_NAME_MULTI; +@@ -673,7 +672,6 @@ static int wl12xx_identify_chip(struct wl1271 *wl) + wl->quirks |= WLCORE_QUIRK_LEGACY_NVS | + WLCORE_QUIRK_DUAL_PROBE_TMPL | + WLCORE_QUIRK_TKIP_HEADER_SPACE | +- WLCORE_QUIRK_START_STA_FAILS | + WLCORE_QUIRK_AP_ZERO_SESSION_ID; + wl->plt_fw_name = WL127X_PLT_FW_NAME; + wl->sr_fw_name = WL127X_FW_NAME_SINGLE; +@@ -702,7 +700,6 @@ static int wl12xx_identify_chip(struct wl1271 *wl) + wl->quirks |= WLCORE_QUIRK_TX_BLOCKSIZE_ALIGN | + WLCORE_QUIRK_DUAL_PROBE_TMPL | + WLCORE_QUIRK_TKIP_HEADER_SPACE | +- WLCORE_QUIRK_START_STA_FAILS | + WLCORE_QUIRK_AP_ZERO_SESSION_ID; + + wlcore_set_min_fw_ver(wl, WL128X_CHIP_VER, +diff --git a/drivers/net/wireless/ti/wlcore/main.c b/drivers/net/wireless/ti/wlcore/main.c +index 43c7b37dec0c..e24ffdff5bdc 100644 +--- a/drivers/net/wireless/ti/wlcore/main.c ++++ b/drivers/net/wireless/ti/wlcore/main.c +@@ -2875,21 +2875,8 @@ static int wlcore_join(struct wl1271 *wl, struct wl12xx_vif *wlvif) + + if (is_ibss) + ret = wl12xx_cmd_role_start_ibss(wl, wlvif); +- else { +- if (wl->quirks & WLCORE_QUIRK_START_STA_FAILS) { +- /* +- * TODO: this is an ugly workaround for wl12xx fw +- * bug - we are not able to tx/rx after the first +- * start_sta, so make dummy start+stop calls, +- * and then call start_sta again. +- * this should be fixed in the fw. +- */ +- wl12xx_cmd_role_start_sta(wl, wlvif); +- wl12xx_cmd_role_stop_sta(wl, wlvif); +- } +- ++ else + ret = wl12xx_cmd_role_start_sta(wl, wlvif); +- } + + return ret; + } +diff --git a/drivers/net/wireless/ti/wlcore/wlcore.h b/drivers/net/wireless/ti/wlcore/wlcore.h +index d4b1f66ef457..af7cf70b3832 100644 +--- a/drivers/net/wireless/ti/wlcore/wlcore.h ++++ b/drivers/net/wireless/ti/wlcore/wlcore.h +@@ -559,9 +559,6 @@ wlcore_set_min_fw_ver(struct wl1271 *wl, unsigned int chip, + /* Each RX/TX transaction requires an end-of-transaction transfer */ + #define WLCORE_QUIRK_END_OF_TRANSACTION BIT(0) + +-/* the first start_role(sta) sometimes doesn't work on wl12xx */ +-#define WLCORE_QUIRK_START_STA_FAILS BIT(1) +- + /* wl127x and SPI don't support SDIO block size alignment */ + #define WLCORE_QUIRK_TX_BLOCKSIZE_ALIGN BIT(2) + +-- +2.30.1 + diff --git a/queue-4.19/x86-build-treat-r_386_plt32-relocation-as-r_386_pc32.patch b/queue-4.19/x86-build-treat-r_386_plt32-relocation-as-r_386_pc32.patch new file mode 100644 index 00000000000..4d620425080 --- /dev/null +++ b/queue-4.19/x86-build-treat-r_386_plt32-relocation-as-r_386_pc32.patch @@ -0,0 +1,111 @@ +From dda8eedada7d09847ee18363bc77d39dcd3b84ac Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 27 Jan 2021 12:56:00 -0800 +Subject: x86/build: Treat R_386_PLT32 relocation as R_386_PC32 + +From: Fangrui Song + +[ Upstream commit bb73d07148c405c293e576b40af37737faf23a6a ] + +This is similar to commit + + b21ebf2fb4cd ("x86: Treat R_X86_64_PLT32 as R_X86_64_PC32") + +but for i386. As far as the kernel is concerned, R_386_PLT32 can be +treated the same as R_386_PC32. + +R_386_PLT32/R_X86_64_PLT32 are PC-relative relocation types which +can only be used by branches. If the referenced symbol is defined +externally, a PLT will be used. + +R_386_PC32/R_X86_64_PC32 are PC-relative relocation types which can be +used by address taking operations and branches. If the referenced symbol +is defined externally, a copy relocation/canonical PLT entry will be +created in the executable. + +On x86-64, there is no PIC vs non-PIC PLT distinction and an +R_X86_64_PLT32 relocation is produced for both `call/jmp foo` and +`call/jmp foo@PLT` with newer (2018) GNU as/LLVM integrated assembler. +This avoids canonical PLT entries (st_shndx=0, st_value!=0). + +On i386, there are 2 types of PLTs, PIC and non-PIC. Currently, +the GCC/GNU as convention is to use R_386_PC32 for non-PIC PLT and +R_386_PLT32 for PIC PLT. Copy relocations/canonical PLT entries +are possible ABI issues but GCC/GNU as will likely keep the status +quo because (1) the ABI is legacy (2) the change will drop a GNU +ld diagnostic for non-default visibility ifunc in shared objects. + +clang-12 -fno-pic (since [1]) can emit R_386_PLT32 for compiler +generated function declarations, because preventing canonical PLT +entries is weighed over the rare ifunc diagnostic. + +Further info for the more interested: + + https://github.com/ClangBuiltLinux/linux/issues/1210 + https://sourceware.org/bugzilla/show_bug.cgi?id=27169 + https://github.com/llvm/llvm-project/commit/a084c0388e2a59b9556f2de0083333232da3f1d6 [1] + + [ bp: Massage commit message. ] + +Reported-by: Arnd Bergmann +Signed-off-by: Fangrui Song +Signed-off-by: Borislav Petkov +Reviewed-by: Nick Desaulniers +Reviewed-by: Nathan Chancellor +Tested-by: Nick Desaulniers +Tested-by: Nathan Chancellor +Tested-by: Sedat Dilek +Link: https://lkml.kernel.org/r/20210127205600.1227437-1-maskray@google.com +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/module.c | 1 + + arch/x86/tools/relocs.c | 12 ++++++++---- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c +index 6645f123419c..9f0be2c7e346 100644 +--- a/arch/x86/kernel/module.c ++++ b/arch/x86/kernel/module.c +@@ -126,6 +126,7 @@ int apply_relocate(Elf32_Shdr *sechdrs, + *location += sym->st_value; + break; + case R_386_PC32: ++ case R_386_PLT32: + /* Add the value, subtract its position */ + *location += sym->st_value - (uint32_t)location; + break; +diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c +index 3a6c8ebc8032..aa046d46ff8f 100644 +--- a/arch/x86/tools/relocs.c ++++ b/arch/x86/tools/relocs.c +@@ -841,9 +841,11 @@ static int do_reloc32(struct section *sec, Elf_Rel *rel, Elf_Sym *sym, + case R_386_PC32: + case R_386_PC16: + case R_386_PC8: ++ case R_386_PLT32: + /* +- * NONE can be ignored and PC relative relocations don't +- * need to be adjusted. ++ * NONE can be ignored and PC relative relocations don't need ++ * to be adjusted. Because sym must be defined, R_386_PLT32 can ++ * be treated the same way as R_386_PC32. + */ + break; + +@@ -884,9 +886,11 @@ static int do_reloc_real(struct section *sec, Elf_Rel *rel, Elf_Sym *sym, + case R_386_PC32: + case R_386_PC16: + case R_386_PC8: ++ case R_386_PLT32: + /* +- * NONE can be ignored and PC relative relocations don't +- * need to be adjusted. ++ * NONE can be ignored and PC relative relocations don't need ++ * to be adjusted. Because sym must be defined, R_386_PLT32 can ++ * be treated the same way as R_386_PC32. + */ + break; + +-- +2.30.1 + diff --git a/queue-4.19/x86-reboot-add-zotac-zbox-ci327-nano-pci-reboot-quir.patch b/queue-4.19/x86-reboot-add-zotac-zbox-ci327-nano-pci-reboot-quir.patch new file mode 100644 index 00000000000..718aaed4240 --- /dev/null +++ b/queue-4.19/x86-reboot-add-zotac-zbox-ci327-nano-pci-reboot-quir.patch @@ -0,0 +1,52 @@ +From 5ec28022e8e34e845139304baa93b0b7f4a231b0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Dec 2020 12:39:57 +0100 +Subject: x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk + +From: Heiner Kallweit + +[ Upstream commit 4b2d8ca9208be636b30e924b1cbcb267b0740c93 ] + +On this system the M.2 PCIe WiFi card isn't detected after reboot, only +after cold boot. reboot=pci fixes this behavior. In [0] the same issue +is described, although on another system and with another Intel WiFi +card. In case it's relevant, both systems have Celeron CPUs. + +Add a PCI reboot quirk on affected systems until a more generic fix is +available. + +[0] https://bugzilla.kernel.org/show_bug.cgi?id=202399 + + [ bp: Massage commit message. ] + +Signed-off-by: Heiner Kallweit +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/1524eafd-f89c-cfa4-ed70-0bde9e45eec9@gmail.com +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/reboot.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c +index a19706bee687..6489cc19ed06 100644 +--- a/arch/x86/kernel/reboot.c ++++ b/arch/x86/kernel/reboot.c +@@ -477,6 +477,15 @@ static const struct dmi_system_id reboot_dmi_table[] __initconst = { + }, + }, + ++ { /* PCIe Wifi card isn't detected after reboot otherwise */ ++ .callback = set_pci_reboot, ++ .ident = "Zotac ZBOX CI327 nano", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "NA"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "ZBOX-CI327NANO-GS-01"), ++ }, ++ }, ++ + /* Sony */ + { /* Handle problems with rebooting on Sony VGN-Z540N */ + .callback = set_bios_reboot, +-- +2.30.1 +